Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
bnieCH9wRm.exe

Overview

General Information

Sample Name:bnieCH9wRm.exe
Analysis ID:806861
MD5:acd46f88a6f90143090c342c10544ccf
SHA1:bb90bed3b0d747feeac32536d75c6d153b34be0b
SHA256:8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c
Infos:

Detection

Conti, DBatLoader, Jcrypt, NominatusCrypto, TrojanRansom
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Conti ransomware
Yara detected DBatLoader
Multi AV Scanner detection for submitted file
Yara detected Jcrypt Ransomware
Yara detected NominatusCrypto Ransomware
Malicious sample detected (through community Yara rule)
Yara detected TrojanRansom
Writes many files with high entropy
Deletes shadow drive data (may be related to ransomware)
Found potential ransomware demand text
Machine Learning detection for sample
Creates a DirectInput object (often for capturing keystrokes)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Binary contains a suspicious time stamp
Detected potential crypto function
Abnormal high CPU Usage

Classification

Process Tree

  • System is w10x64
  • bnieCH9wRm.exe (PID: 5532 cmdline: C:\Users\user\Desktop\bnieCH9wRm.exe MD5: ACD46F88A6F90143090C342C10544CCF)
  • cleanup

Malware Configuration

Threatname: JCrypt

{"Email": ["Clay_whoami_1@protonmail.ch"], "Bitcoin Wallet": "bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh", "Ransom Note": "All of your files have been encrypted.\n\nTo unlock them, please send 0.01 bitcoin(s) to BTC address: bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh\nAfterwards, please email your transaction ID to: Clay_whoami_1@protonmail.ch\n\nThank you and have a nice day!\n\nEncryption Log:\n----------------------------------------\n"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
bnieCH9wRm.exeJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
    bnieCH9wRm.exeJoeSecurity_NominatusCryptoYara detected NominatusCrypto RansomwareJoe Security
      bnieCH9wRm.exeJoeSecurity_Conti_ransomwareYara detected Conti ransomwareJoe Security
        bnieCH9wRm.exeKovter_1Kovter Payloadkevoreilly
        • 0x86210:$a1: chkok
        • 0x86238:$a1: chkok
        • 0x86248:$a1: chkok
        • 0x95328:$a1: chkok
        • 0x95338:$a1: chkok
        • 0x95360:$a1: chkok
        • 0x89998:$a2: k2Tdgo
        • 0x89b68:$a2: k2Tdgo
        • 0x83ee8:$a3: 13_13_13
        • 0x9e1e8:$a4: Win Server 2008 R2
        bnieCH9wRm.exeWin32_Ransomware_KovterunknownReversingLabs
        • 0x9f2ac:$remote_connection_1: 55 8B EC 81 C4 C0 FB FF FF 53 56 57 33 DB 89 9D C0 FB FF FF 89 9D C4 FB FF FF 89 9D C8 FB FF FF 89 9D CC FB FF FF 89 9D D0 FB FF FF 89 9D D4 FB FF FF 89 9D D8 FB FF FF 89 5D EC 89 5D E4 8B D9 ...
        • 0x9f4c0:$remote_connection_2: 45 E0 50 6A 1F 8B 45 F4 50 E8 0A 44 FC FF 85 C0 0F 84 B4 00 00 00 8B 45 E0 0D 00 01 00 00 0D 80 00 00 00 89 45 E0 8B 45 DC 50 8D 45 E0 50 6A 1F 8B 45 F4 50 E8 EF 43 FC FF 85 C0 0F 84 89 00 00 ...
        • 0x9f7d0:$remote_connection_3: 45 F4 50 E8 08 41 FC FF 85 C0 74 46 83 7D F0 00 74 40 8D 45 E4 8B 55 F0 E8 9B 0A FC FF 8D 45 E4 E8 2F 09 FC FF 8D 95 DC FB FF FF 8B 4D F0 E8 6D 38 FC FF 8B C6 8B 55 E4 E8 4F 07 FC FF 8B 45 F0 ...
        • 0xa0e3f:$find_files: 50 E8 5B 1F FC FF 8B D8 83 FB FF 0F 84 06 01 00 00 33 F6 46 81 FE 10 27 00 00 0F 87 F7 00 00 00 83 FB FF 0F 84 EE 00 00 00 8D 45 F8 8D 57 2C B9 04 01 00 00 E8 E0 F5 FB FF 8B 45 F8 BA 68 47 44 ...
        • 0x7e52a:$decrypt_payload_script: FF 75 D8 FF 75 F4 68 BC 1C 42 00 FF 75 FC 68 C8 1C 42 00 8D 45 D4 E8 97 FC FF FF FF 75 D4 FF 75 F0 68 D4 1C 42 00 FF 75 EC 68 E8 1C 42 00 FF 75 EC 68 F4 1C 42 00 FF 75 F4 68 00 1D 42 00 FF 75 ...

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        Process Memory Space: bnieCH9wRm.exe PID: 5532JoeSecurity_TrojanRansomYara detected TrojanRansomJoe Security
          Process Memory Space: bnieCH9wRm.exe PID: 5532JoeSecurity_jcryptYara detected Jcrypt RansomwareJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: bnieCH9wRm.exeAvira: detected
            Multi AV Scanner detection for submitted file
            Source: bnieCH9wRm.exeReversingLabs: Detection: 79%
            Source: bnieCH9wRm.exeVirustotal: Detection: 72%Perma Link
            Machine Learning detection for sample
            Source: bnieCH9wRm.exeJoe Sandbox ML: detected
            Source: bnieCH9wRm.exeMalware Configuration Extractor: JCrypt {"Email": ["Clay_whoami_1@protonmail.ch"], "Bitcoin Wallet": "bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh", "Ransom Note": "All of your files have been encrypted.\n\nTo unlock them, please send 0.01 bitcoin(s) to BTC address: bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh\nAfterwards, please email your transaction ID to: Clay_whoami_1@protonmail.ch\n\nThank you and have a nice day!\n\nEncryption Log:\n----------------------------------------\n"}
            Source: bnieCH9wRm.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: JP2KLib.pdb source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\chrome_wow_helper.pdb source: bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdb source: bnieCH9wRm.exe
            Source: Binary string: A3DUtils.pdb// GCTL source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ScCore.pdb$ source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: BIBUtils.pdb$$$ source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\3D\Common\a3d\build\win\Release\rt3d.pdb source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: A3DUtils.pdb source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: BIBUtils.pdb source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ACE.pdb source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: g:\Acro_root_apms\build\Release-results\info\Adobe AIR.pdb|0m source: bnieCH9wRm.exe
            Source: Binary string: ScCore.pdb source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ExtendScript.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\AcroRd32Exe.pdb source: bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\Eula.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ACE.pdboon source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\Users\1\Downloads\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Release\WindowsFormsApp1.pdb source: bnieCH9wRm.exe
            Source: Binary string: pe.pdb source: bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\Acrobat\Installers\AcroSup64\Release\AcroSup64.pdb source: bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: g:\Acro_root_apms\build\Release-results\info\Adobe AIR.pdb source: bnieCH9wRm.exe
            Source: Binary string: D:\DCB\CBT_Main\3D\Common\a3d\build\win\Release\rt3d.pdb source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: AXE8SharedExpat.pdb source: bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ExtendScript.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdbp7 source: bnieCH9wRm.exe
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\Eula.pdb998 source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\sqlite.pdb source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp
            Source: bnieCH9wRm.exeString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: bnieCH9wRm.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: bnieCH9wRm.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
            Source: bnieCH9wRm.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: bnieCH9wRm.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
            Source: bnieCH9wRm.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: bnieCH9wRm.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
            Source: bnieCH9wRm.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evcs-aia.ws.symantec.com/evcs.cer0
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evcs-crl.ws.symantec.com/evcs.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evcs-ocsp.ws.symantec.com04
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
            Source: bnieCH9wRm.exeString found in binary or memory: http://fpdownload2.macromedia.com/get/
            Source: bnieCH9wRm.exeString found in binary or memory: http://fpdownload2.macromedia.com/get/https://fpdownload.macromedia.com/get/https://www.macromedia.c
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icu-project.org
            Source: bnieCH9wRm.exeString found in binary or memory: http://ocsp.digicert.com0
            Source: bnieCH9wRm.exeString found in binary or memory: http://ocsp.digicert.com0A
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
            Source: bnieCH9wRm.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
            Source: bnieCH9wRm.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: bnieCH9wRm.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
            Source: bnieCH9wRm.exeString found in binary or memory: http://uri.etsi.org/01903/v1.1.1#
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: bnieCH9wRm.exe, 00000000.00000003.261283598.0000000006157000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: bnieCH9wRm.exeString found in binary or memory: http://www.digicert.com/CPS0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: bnieCH9wRm.exe, 00000000.00000003.263542603.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262802204.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272077070.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263930068.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263680533.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263807548.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272196896.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263777832.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: bnieCH9wRm.exe, 00000000.00000003.262766646.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263835648.0000000006176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
            Source: bnieCH9wRm.exe, 00000000.00000003.263510923.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262842218.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263542603.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262802204.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers6RQ7
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: bnieCH9wRm.exe, 00000000.00000003.264664563.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersDR
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersURW
            Source: bnieCH9wRm.exe, 00000000.00000003.272150246.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerse&
            Source: bnieCH9wRm.exe, 00000000.00000003.272150246.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272077070.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerskR
            Source: bnieCH9wRm.exe, 00000000.00000003.265121648.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.265060289.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersn
            Source: bnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coma#27g
            Source: bnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comicva
            Source: bnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.como
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.000000000614E000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256662876.000000000614E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.000000000614E000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256662876.000000000614E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnde
            Source: bnieCH9wRm.exe, 00000000.00000003.256008300.000000000616D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnh-c
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: bnieCH9wRm.exe, 00000000.00000003.267330166.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267535619.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268376500.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266840770.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267235955.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268947792.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272490068.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272265866.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270339223.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268211432.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270841141.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267024477.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266877443.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266797443.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268322371.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270420736.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.269521456.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266742260.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267066364.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267263450.0000000006176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.lextek.com)
            Source: bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.lextek.com/
            Source: bnieCH9wRm.exeString found in binary or memory: http://www.macromedia.com
            Source: bnieCH9wRm.exeString found in binary or memory: http://www.macromedia.com/support/flashplayer/sys/
            Source: bnieCH9wRm.exe, 00000000.00000003.271179571.0000000006177000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270841141.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270984573.0000000006179000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.GLn6m
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps09
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa04
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com2Vt7
            Source: bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comKV
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comL
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comk
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comslnt
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
            Source: bnieCH9wRm.exeString found in binary or memory: https://fpdownload.macromedia.com/get/
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
            Source: bnieCH9wRm.exeString found in binary or memory: https://www.macromedia.com/bin/flashdownload.cgi
            Source: bnieCH9wRm.exeString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
            Source: bnieCH9wRm.exeBinary or memory string: DirectDrawCreateEx

            Spam, unwanted Advertisements and Ransom Demands

            barindex
            Yara detected Conti ransomware
            Source: Yara matchFile source: bnieCH9wRm.exe, type: SAMPLE
            Yara detected Jcrypt Ransomware
            Source: Yara matchFile source: Process Memory Space: bnieCH9wRm.exe PID: 5532, type: MEMORYSTR
            Yara detected NominatusCrypto Ransomware
            Source: Yara matchFile source: bnieCH9wRm.exe, type: SAMPLE
            Yara detected TrojanRansom
            Source: Yara matchFile source: Process Memory Space: bnieCH9wRm.exe PID: 5532, type: MEMORYSTR
            Writes many files with high entropy
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.clay entropy: 7.99954128555Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.clay entropy: 7.99945854841Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.clay entropy: 7.99987974432Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx.clay entropy: 7.99989915165Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.clay entropy: 7.99655339256Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.clay entropy: 7.99988811428Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.clay entropy: 7.99957037406Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.clay entropy: 7.99966233008Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.clay entropy: 7.99906889742Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.clay entropy: 7.99960115383Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.clay entropy: 7.99993932822Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.clay entropy: 7.99209942853Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.clay entropy: 7.99927450769Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.clay entropy: 7.99859617669Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.clay entropy: 7.99796142144Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.clay entropy: 7.99971548111Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe.clay entropy: 7.99914614147Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.clay entropy: 7.99764035071Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.clay entropy: 7.9984611442Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.clay entropy: 7.99948551356Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.clay entropy: 7.99888910232Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.clay entropy: 7.99892585685Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.clay entropy: 7.99979871986Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.clay entropy: 7.99930154339Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.clay entropy: 7.99777333471Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.clay entropy: 7.99999451708Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.clay entropy: 7.99992081935Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.clay entropy: 7.99411953646Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.clay entropy: 7.99998849498Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.clay entropy: 7.99842655482Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.clay entropy: 7.99560805659Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.clay entropy: 7.99866077951Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.clay entropy: 7.99996561714Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.clay entropy: 7.9996654379Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.clay entropy: 7.99926007927Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.clay entropy: 7.99955086322Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.clay entropy: 7.99996858775Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll.clay entropy: 7.99985766835Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.clay entropy: 7.99998138814Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll.clay entropy: 7.99978501458Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll.clay entropy: 7.99955157767Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.clay entropy: 7.99957302573Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx.clay entropy: 7.99971837489Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.clay entropy: 7.99937375648Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.clay entropy: 7.99976635161Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.clay entropy: 7.99993797379Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.clay entropy: 7.99797109657Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.clay entropy: 7.99778058214Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.clay entropy: 7.9995823279Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.clay entropy: 7.99911375788Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.clay entropy: 7.99975724524Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.clay entropy: 7.99846092441Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.clay entropy: 7.99882260206Jump to dropped file
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.clay entropy: 7.99911525893Jump to dropped file
            Deletes shadow drive data (may be related to ransomware)
            Source: bnieCH9wRm.exeBinary or memory string: \Kaspersky.exe{vssadmin delete shadows /all /quiet && wmic shadowcopy delete;echo ^[autorun^] >autorun.infYecho ^open^=KasperskyScan^.exe >>autorun.inf_echo ^execute=^KasperskyScan^.exe >>autorun.inf#KasperskyScan.exe
            Found potential ransomware demand text
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?e3_MEM_Unlock@@YG_NPAX@Z
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?unlock@Lockable@ScCore@@QBEXXZ
            Source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
            Source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?unlock@Lockable@ScCore@@QBEXXZ

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: bnieCH9wRm.exe, type: SAMPLEMatched rule: Kovter Payload Author: kevoreilly
            Source: bnieCH9wRm.exe, type: SAMPLEMatched rule: Win32_Ransomware_Kovter Author: ReversingLabs
            Source: bnieCH9wRm.exe, type: SAMPLEMatched rule: Kovter_1 author = kevoreilly, description = Kovter Payload, cape_type = Kovter Payload
            Source: bnieCH9wRm.exe, type: SAMPLEMatched rule: Win32_Ransomware_Kovter tc_detection_name = Kovter, tc_detection_factor = , author = ReversingLabs, tc_detection_type = Ransomware
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamert3d.dll` vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroRd32.exe< vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobeScCore.dllD vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameEula.exe* vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameicudt58.dll vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameJP2KLib.dllX vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite.dllX vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameA3DUtils.dllJ vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewow_helper.exeP vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameACE.dllP vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAcroSup64.dll< vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobeExtendScript.dllD vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameicuuc58.dll vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOnix32.dll* vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBIBUtils.dllZ vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepe.dll vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000000.252218273.0000000000E87000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWindowsFormsApp1.exeB vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAXE8SharedExpat.dllh$ vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exeBinary or memory string: OriginalFilenameWindowsFormsApp1.exeB vs bnieCH9wRm.exe
            Source: bnieCH9wRm.exeBinary or memory string: OriginalFilenameVirusMSILNominatusStorm.exeP vs bnieCH9wRm.exe
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeCode function: 0_2_0173C1A40_2_0173C1A4
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeCode function: 0_2_0173E5F00_2_0173E5F0
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeCode function: 0_2_0173E5E30_2_0173E5E3
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeCode function: 0_2_05714F280_2_05714F28
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeCode function: 0_2_05714F190_2_05714F19
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess Stats: CPU usage > 98%
            Source: bnieCH9wRm.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: bnieCH9wRm.exeReversingLabs: Detection: 79%
            Source: bnieCH9wRm.exeVirustotal: Detection: 72%
            Source: bnieCH9wRm.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: bnieCH9wRm.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.62%
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Program Files (x86)\desktop.ini.clayJump to behavior
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Cby.VbP
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile created: C:\Users\user\Desktop\bnieCH9wRm.exe.clayJump to behavior
            Source: bnieCH9wRm.exeString found in binary or memory: runneroThis installation of this application is damaged. Try re-installing or contacting the publisher for assistance.showError
            Source: bnieCH9wRm.exeString found in binary or memory: -help
            Source: bnieCH9wRm.exeString found in binary or memory: -install
            Source: bnieCH9wRm.exeString found in binary or memory: usage:1 aet ( -osid | -install | -validate ) <air-file>
            Source: bnieCH9wRm.exeString found in binary or memory: aet -help
            Source: bnieCH9wRm.exeString found in binary or memory: adl -help application descriptor not found invalid application descriptor:
            Source: bnieCH9wRm.exeString found in binary or memory: -launch
            Source: bnieCH9wRm.exeString found in binary or memory: stateDownloadingUpdate.invalid invocation for launching sub-installer$Launching sub-installer for version
            Source: bnieCH9wRm.exeString found in binary or memory: parseInt'Launching elevated sub-installer failed
            Source: bnieCH9wRm.exeString found in binary or memory: Re-launching application from
            Source: bnieCH9wRm.exeString found in binary or memory: ms-help:
            Source: bnieCH9wRm.exeString found in binary or memory: ?_flashA=%b&SA=%b&SV=%b&EV=%b&MP3=%b&AE=%b&VE=%b&ACC=%b&PR=%b&SP=%b&SB=%b&DEB=%b&V=%s%s&PT=%s&AVD=%b&LFD=%b&WD=%b&TLS=%b%20http://%s/xmlsocket://fscommanddatascriptrtsp:pop3:wais:snews:nntp:imap:gopher:news:telnet:res:ms-help:mk:ms-itss:ms-its:its:vshelp:local:shell:L
            Source: bnieCH9wRm.exeString found in binary or memory: <!--StartFragment-->
            Source: classification engineClassification label: mal100.rans.troj.winEXE@1/119@0/0
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile read: C:\Users\user\Pictures\desktop.iniJump to behavior
            Source: bnieCH9wRm.exe, Form1.csCryptographic APIs: 'CreateDecryptor'
            Source: 0.0.bnieCH9wRm.exe.e40000.0.unpack, Form1.csCryptographic APIs: 'CreateDecryptor'
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: bnieCH9wRm.exeStatic file information: File size 3438608 > 1048576
            Source: bnieCH9wRm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: bnieCH9wRm.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: bnieCH9wRm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: JP2KLib.pdb source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\chrome_wow_helper.pdb source: bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdb source: bnieCH9wRm.exe
            Source: Binary string: A3DUtils.pdb// GCTL source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ScCore.pdb$ source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: BIBUtils.pdb$$$ source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\3D\Common\a3d\build\win\Release\rt3d.pdb source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: A3DUtils.pdb source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: BIBUtils.pdb source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ACE.pdb source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: g:\Acro_root_apms\build\Release-results\info\Adobe AIR.pdb|0m source: bnieCH9wRm.exe
            Source: Binary string: ScCore.pdb source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ExtendScript.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\AcroRd32Exe.pdb source: bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\Eula.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ACE.pdboon source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\Users\1\Downloads\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Release\WindowsFormsApp1.pdb source: bnieCH9wRm.exe
            Source: Binary string: pe.pdb source: bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\Acrobat\Installers\AcroSup64\Release\AcroSup64.pdb source: bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: g:\Acro_root_apms\build\Release-results\info\Adobe AIR.pdb source: bnieCH9wRm.exe
            Source: Binary string: D:\DCB\CBT_Main\3D\Common\a3d\build\win\Release\rt3d.pdb source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: AXE8SharedExpat.pdb source: bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ExtendScript.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdbp7 source: bnieCH9wRm.exe
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\Eula.pdb998 source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\sqlite.pdb source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp

            Data Obfuscation

            barindex
            Yara detected DBatLoader
            Source: Yara matchFile source: bnieCH9wRm.exe, type: SAMPLE
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeCode function: 0_2_0173E598 push esp; ret 0_2_0173E599
            Source: bnieCH9wRm.exeStatic PE information: 0xBDD42FCE [Wed Dec 3 02:34:54 2070 UTC]
            Source: initial sampleStatic PE information: section name: .text entropy: 7.799346323123273
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Users\user\Desktop\bnieCH9wRm.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\bnieCH9wRm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid Accounts2
            Command and Scripting Interpreter            		Path InterceptionPath Interception2
            Masquerading            		1
            Input Capture            		1
            File and Directory Discovery            		Remote Services1
            Input Capture            		Exfiltration Over Other Network Medium1
            Encrypted Channel            		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
            Disable or Modify Tools            		LSASS Memory12
            System Information Discovery            		Remote Desktop Protocol11
            Archive Collected Data            		Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)2
            Software Packing            		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
            Deobfuscate/Decode Files or Information            		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
            Timestomp            		LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.common2
            Obfuscated Files or Information            		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup Items1
            File Deletion            		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            bnieCH9wRm.exe79%ReversingLabsByteCode-MSIL.Ransomware.CryptoLock
            bnieCH9wRm.exe72%VirustotalBrowse
            bnieCH9wRm.exe100%AviraTR/Dropper.Gen
            bnieCH9wRm.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            0.0.bnieCH9wRm.exe.e40000.0.unpack100%AviraHEUR/AGEN.1217730Download File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.tiro.comL0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.ascendercorp.com/typedesigners.html0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe
            http://www.tiro.comslnt0%URL Reputationsafe
            http://ocsp.thawte.com00%URL Reputationsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://www.fontbureau.como0%URL Reputationsafe
            http://www.tiro.comk0%URL Reputationsafe
            http://www.monotype.GLn6m0%Avira URL Cloudsafe
            http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch0%Avira URL Cloudsafe
            http://www.lextek.com)0%Avira URL Cloudsafe
            http://www.fontbureau.comicva0%Avira URL Cloudsafe
            http://www.founder.com.cn/cnh-c0%Avira URL Cloudsafe
            http://www.tiro.comKV0%Avira URL Cloudsafe
            http://www.tiro.com2Vt70%Avira URL Cloudsafe
            http://www.lextek.com/0%Avira URL Cloudsafe
            http://www.founder.com.cn/cnh-c1%VirustotalBrowse
            http://www.founder.com.cn/cnde0%Avira URL Cloudsafe
            http://www.fontbureau.coma#27g0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            No contacted domains info

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://www.fontbureau.com/designersGbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
              		high
              http://www.macromedia.combnieCH9wRm.exefalse
                		high
                http://www.fontbureau.com/designers/?bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.founder.com.cn/cn/bThebnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatchbnieCH9wRm.exefalse
                  • Avira URL Cloud: safe
                  		low
                  http://www.fontbureau.comicvabnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.fontbureau.com/designers?bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.unicode.org/copyright.htmlbnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/soap/envelope/bnieCH9wRm.exefalse
                        		high
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordTextbnieCH9wRm.exefalse
                          		high
                          http://www.fontbureau.com/designersURWbnieCH9wRm.exe, 00000000.00000003.263864398.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://www.tiro.combnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.tiro.comLbnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersbnieCH9wRm.exe, 00000000.00000003.263542603.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262802204.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272077070.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263930068.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263680533.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263807548.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272196896.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263777832.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://www.goodfont.co.krbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://uri.etsi.org/01903/v1.1.1#bnieCH9wRm.exefalse
                                		high
                                http://www.sajatypeworks.combnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.monotype.GLn6mbnieCH9wRm.exe, 00000000.00000003.271179571.0000000006177000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270841141.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270984573.0000000006179000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.typography.netDbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cn/cThebnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.galapagosdesign.com/staff/dennis.htmbnieCH9wRm.exe, 00000000.00000003.267330166.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267535619.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268376500.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266840770.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267235955.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268947792.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272490068.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272265866.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270339223.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268211432.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270841141.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267024477.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266877443.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266797443.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268322371.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270420736.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.269521456.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266742260.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267066364.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267263450.0000000006176000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://fontfabrik.combnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://crl.thawte.com/ThawteTimestampingCA.crl0bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.tiro.comKVbnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.founder.com.cn/cnh-cbnieCH9wRm.exe, 00000000.00000003.256008300.000000000616D000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • 1%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.fontbureau.com/designerskRbnieCH9wRm.exe, 00000000.00000003.272150246.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272077070.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.galapagosdesign.com/DPleasebnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.ascendercorp.com/typedesigners.htmlbnieCH9wRm.exe, 00000000.00000003.261283598.0000000006157000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designerse&bnieCH9wRm.exe, 00000000.00000003.272150246.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://www.fonts.combnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.lextek.com)bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        http://www.sandoll.co.krbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.urwpp.deDPleasebnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.combnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.tiro.com2Vt7bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.fontbureau.com/designersnbnieCH9wRm.exe, 00000000.00000003.265121648.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.265060289.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.lextek.com/bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.apache.org/licenses/LICENSE-2.0bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.fontbureau.combnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.fontbureau.com/designers6RQ7bnieCH9wRm.exe, 00000000.00000003.263510923.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262842218.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263542603.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262802204.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.tiro.comslntbnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.xmlsoap.org/soap/encoding/bnieCH9wRm.exefalse
                                                  		high
                                                  http://www.symauth.com/cps09bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://ocsp.thawte.com0bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://www.symauth.com/cps0(bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://icu-project.orgbnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.founder.com.cn/cndebnieCH9wRm.exe, 00000000.00000003.257847890.000000000614E000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256662876.000000000614E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.macromedia.com/support/flashplayer/sys/bnieCH9wRm.exefalse
                                                          		high
                                                          http://www.carterandcone.comlbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.fontbureau.com/designers/cabarga.htmlNbnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.founder.com.cn/cnbnieCH9wRm.exe, 00000000.00000003.257847890.000000000614E000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256662876.000000000614E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://www.fontbureau.com/designers/frere-jones.htmlbnieCH9wRm.exe, 00000000.00000003.263864398.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263835648.0000000006176000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.fontbureau.com/designersDRbnieCH9wRm.exe, 00000000.00000003.264664563.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://fpdownload2.macromedia.com/get/bnieCH9wRm.exefalse
                                                                  		high
                                                                  http://www.jiyu-kobo.co.jp/bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.comobnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.coma#27gbnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://www.tiro.comkbnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.fontbureau.com/designers8bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.symauth.com/rpa04bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.fontbureau.com/designers/bnieCH9wRm.exe, 00000000.00000003.262766646.0000000006172000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.macromedia.com/bin/flashdownload.cgibnieCH9wRm.exefalse
                                                                          		high
                                                                          https://www.macromedia.com/support/flashplayer/sys/bnieCH9wRm.exefalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/soap/actor/nextbnieCH9wRm.exefalse
                                                                              		high
                                                                              https://fpdownload.macromedia.com/get/bnieCH9wRm.exefalse
                                                                                		high
                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsdbnieCH9wRm.exefalse
                                                                                  		high
                                                                                  http://fpdownload2.macromedia.com/get/https://fpdownload.macromedia.com/get/https://www.macromedia.cbnieCH9wRm.exefalse
                                                                                    		high

                                                                                    World Map of Contacted IPs

                                                                                    No contacted IP infos

                                                                                    General Information

                                                                                    Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                    Analysis ID:806861
                                                                                    Start date and time:2023-02-14 05:58:16 +01:00
                                                                                    Joe Sandbox Product:CloudBasic
                                                                                    Overall analysis duration:0h 9m 38s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                    Number of analysed new started processes analysed:11
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • HDC enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample file name:bnieCH9wRm.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal100.rans.troj.winEXE@1/119@0/0
                                                                                    EGA Information:Failed
                                                                                    HDC Information:Failed
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 99%
                                                                                    • Number of executed functions: 17
                                                                                    • Number of non-executed functions: 3
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Override analysis time to 240s for sample files taking high CPU consumption

                                                                                    Warnings

                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                    • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.

                                                                                    Simulations

                                                                                    Behavior and APIs

                                                                                    No simulations

                                                                                    Joe Sandbox View / Context

                                                                                    IPs

                                                                                    No context

                                                                                    Domains

                                                                                    No context

                                                                                    ASNs

                                                                                    No context

                                                                                    JA3 Fingerprints

                                                                                    No context

                                                                                    Dropped Files

                                                                                    No context

                                                                                    Created / dropped Files

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):328288
                                                                                    Entropy (8bit):7.999485513561902
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:ScHZ7VbFZx2QixjgTWkzvbQtjKc/twnOVNCsjbAtMnmhZyjR/IBumPLI:X7Jo2qkzvswnOmUcOnmEvmLI
                                                                                    MD5:B536CBBA593893ECF54AFFCBEE7C78B2
                                                                                    SHA1:607754115A37BE5710C7B5D2CC73D8B8884D2188
                                                                                    SHA-256:378E18B9D64DFE43AA8316ED713665F1AB30F1F24C0FF5285160C2CE7C26D26A
                                                                                    SHA-512:E84172F1D74F0ECCEC369D86AE79A58E17F87521E1EE4BAA00A25E582D3064F5FE0DE4E401C1056A5FE1D2E0ED09242A1799C1E21AE61D0E7592FD9149B2E74E
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:.q6k..J:.Uuf.E..II>8.Rs.>.......m..W.<...R~!.T._s]v..i...B...f....{....c...eT1.,..m......E.........S..b.g.a..&.k...7......%....:...;8...H.....?..C...........b....1.S~..Dr.K.D.R..W......8.Y.c.........j.1.u...a....].....5J%..s{.Y ..8..9fA.. ..=.,-..ch.|.De..k..$...sRl...#...vP.`=...L.oF.q...h`..O=Z*E..T.,J.g.[..^o..v...8!..K...3.>.....D.]jy..H...gb]'..TO&.o.J.Y....2.>.?.G.|..K..p98H..Wf..S..d.....ADRF..d...)0[{^..7..YT.&..;vQM.}#.R{DZ&.x..'..Q.A..Ya...O..:f...S\..']2Z.H.A&,......p.l.G{..i.<"p....^.s.ZhR.N........I...W.V..5......)a..rFP.....*.:....z.....#.............i..!y...Il.T:..t{..F......... .e...../.....Vh..3*.......*...m......kkdX.;.Y2.B...|.*......'0Z.5....m.[.=-.BNRd...0.............;...g.J....@k+#@N.z..^.1o.....F....F.!yU.{..........|.W9.W}X.4.Sp.../...df..9N.......A.>......i.[...^...o...e........6{b..x...Cus...^./...#..e.vPa.R..1..V...r..x..jC,,.,1......V....a.....q..!.s.{.A...m.MJ~.......XC,.9...a*K\.3.JD..u.J....21u......

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):16672
                                                                                    Entropy (8bit):7.989481277198568
                                                                                    Encrypted:false
                                                                                    SSDEEP:384:HERqNjf2fDYEvbKtesCTOh7rsBEVaoj03QPp/3:kRIjOsEvb0esCosS4oh9
                                                                                    MD5:ACBF4A526517FE2716DA5159A40B3A67
                                                                                    SHA1:5DF032F9C5B5364CDC5DBF87AD87B493337602E9
                                                                                    SHA-256:5CCADFBE88E4005A08B33EEB30135B7442F5C716203D4B2EB223F9B0C255E6A2
                                                                                    SHA-512:D73B9230F1CB1FE0987246DBA2F5DA8CF1DE21A8125D31AC06E8EF623D1A103EBF6C15BE16DB1494E6468EDE832BD643A01814A89226A793C94F89903072533F
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Preview:..l...O+..e.3.....<.. ,q5.L..9lL1z...W..P.:.}.>..$/.N...H..C... .S"...(.1:...:][ H.[s..1...W&....... .D...,E?s.. .0. ..+..I..Q...a.#.......U....f.b..Rqu...R.o.kH.m..."...c...C...q.<.w|.W..8...:..S..b.g...#.&N.!#..h'......1..2...x.{....dsb..(L......&+j2.0SG.ct..n..K.A._;.6_.OF/.....B..Z..K.....I..6.......D....Ba.7..3B..X...Q^'.8>TN.v.&.#.M.i.gt/.T&.3vQ.!r.>A*2K.[\.Wo.......rJ..#..,...T1.|../.g.9].\'!.-.<...!.Xj...h..YC.3F4.I .h..K.....v/.....F.c.2.I...?..DJtU.%CM.I\c.$Q9..#....e:6L..i.T..[\9.?[.av,.H...........N..<.h.pt..JY^.>.p.d/kn.|nH.O.fws....$W..yd%..S..DKv..~ ...7...k..@.F......9..R..D....~.x.).b.z=..D...E......l....eP.`...>...X.J).5F,.|..(........Bk..e.1....../.M...{.....f...&.Z..0z.e...`...._r=j..+....I...._oR.0...p.sv....'...P....O.PM.;r.J....h.......p.8V.ni+.4...&D....}.H..qZ...W'-.&..`.%....>....|.K.....j.}Q.(...v..ZPC..4.,....dL.h[.n.N..>.R....V..V.E.f..q..]....j....;...y.L:12A.. I..Z....O.....J;Q.H.H.Y...6..OJ=._...k..:..,..e.. ..n

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):186880
                                                                                    Entropy (8bit):7.998889102316944
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:DPfatZWsyd16vi3yOSYT1eMIuKeB0wPzFNzx3UA5jEovv2z1tGu7w+MiEX:DPfqZbyf6vjOSLMIup6wPzFNZtv2PGmA
                                                                                    MD5:884EA062E9884D5173597BFAED6A70F5
                                                                                    SHA1:0F67AE926241DA4430BE99B8E6F88949CCF65783
                                                                                    SHA-256:E1AF0F96A487801BFFCCB4DAD37CBF474E49A16EA08A8267674074539CAFAE67
                                                                                    SHA-512:AAE7573820A93471A2D8505ED04B13BFF78D103DD07A40CE36DF9193E5DD639F7C59C02E0C9C99AC8242BB7A775C98ABB01344F3CE61B4957D09137743062C44
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:F....z+.yu....m.....Ej"i....L_.'?.7E7..I.)O!.:S........;./.u04...JfA....:......a.#gz..;.D.........}.. .Ei)P.W... ...v..v......X!mS.....j....g.u...xN...V.!O.4.[X...g?..........3[....Z.y...%gG_.e.>..%..g.Tv.0...D...j....~...H.p.Z"....h.h..........u........PH..vDj.ejd5.......A..z...t......D.N.#.<.../AB.4.|p...uJo.;Po.{N._Kt.......g.Q......15.....),..K.c.5...&....F.....+l...?.../...1..'h..XFB'N(.`PiM.Z...px..a....q.MF.._..C.B..g.R$.#La!..t........*..T..2v..t.).H.....J...QG........~...yU..M.S...c.j.E5*.2O..D.$.;.D.\..z.c..+.[..n.......M..k.k.A.r...........XF;...:-.M!....d.3.$...j..}...F2...9.h..nf.h1X.~i#.tH.K..S....V..d>:...T.!..=h!/.;.K...:.c...!....Pn..yw.......r.....G...l.(...zeZC...Y..._}.A.V6.&.J.....g...2..X......U.t2q?K.i.S....>I.z,....\.......CQ]wRy...t.s..:....x.-.+.....p.........d2.D^7K.:...G8|.K...1g.>.:kJ..-.P.e}#..c.q.......zd..D.;.Bo9$.K... ....^.}q?U.B.T...r@.'.=...W=....[}....oT..@....{;W..y9..u..w.a..h$...SawR.e...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):168032
                                                                                    Entropy (8bit):7.9989258568483415
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:sv96AKhCW3g5J2tfxU9Tyjw2g2K/gaiQFUESaQqLlSpRLTXLW73dXnZ:/EW3gH2XU9G02gv5igSk6L+ZXZ
                                                                                    MD5:B829C4815B0E0F2273EDC7F0ED3B3AD1
                                                                                    SHA1:B48CCACDE816E72F351F6DDAC52572C3E4BC5AB8
                                                                                    SHA-256:248C0C5469A4986BE50594AC5AE14D99EEF973743E7B6E08911F9FA1291068BE
                                                                                    SHA-512:9EF05F8499AFD71751B7FC7179DA195819B503AB3AF18744CBD971785C7B14B7D0DBEF3C30702750E1127EB8DB74FBF8863D590512E30C96B40582BA4070E731
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:.M6.ZQ>.E........9L..i..oa...Q.a..oe..t|cH...b..$.H.i3-.`=g;>.|..........(...x.@..D.3..?ID5..|..KGy.....4...E.ID..2...=Rd.(5......V....a%i.;((....x.ZfDS*...J..%../.p%.H.j%.......`m..,)..TZwY:....<.u.8:u.q...95=........;..QJ......f'.\..}M.............A-<...C...P..f.'.'.#.2.W]h..%.+ma.....1..(4Y....Wg..........H."...=.fJ.[...QQ...Gh>.+mz.......5..q%..gI..LXQ\.....xP+...Zti.#.n...K.M&/...^Yl.b,.*.u......J...j~Q.72...6..../@..A.<0F9..H...r.......[..n;.E!Ooh.m.jDi.}....+..`.~.bN...b....MO..!..D<.....S|..G..X..............CyN..J........2$..K.L.Q..p[..z......UG...... "`^.}._;(....}.& .}t-.c,..'.."4.Zv..3G.n.x."e....b.//...Q@.....g..9...' R..`...@.xnf`*.T.\g`.D..I6E.!/.......?r........8.(...t=..!),J.......H;.G...*.]x..m%A...-.7.T.xS_.v)J.=/..K.m.'..3.."s..!..Bt.Hv...]v.Lq.;p3..H...W(.o..U....V..........}$+..8..3...,?... ....v,,N.c.,3Z.cB.is.4..)..".2.5....;...r}...5u9.X.P..}..1.L._....^..e.TW..({....6l....F@%sV.l....%..e(....m.G......m.A..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):980064
                                                                                    Entropy (8bit):7.9997987198625875
                                                                                    Encrypted:true
                                                                                    SSDEEP:24576:rm/EH+y5Vq/hH0RyTbiLhsYn6Ec7NwiB/+Iv:rxHXe90RyTfY6XwiBWi
                                                                                    MD5:BCFDA3DDA73C8A931BBDCBBC301A7056
                                                                                    SHA1:5C072FFF07032623CD50D03C5AC413F23C6E3EC9
                                                                                    SHA-256:94A822896DC594B1C1438146CED27F37A291FB347CB5D3982E6A2AEA8570411D
                                                                                    SHA-512:A6663149F953B5994B61A9055157520F8BFE6E5517589907CDBA3E533DB7B8B21D8C63E96149DD0DBA6C6A0A5B5F6CE702AE7883E06E5289415D991105F11D49
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:_.t{Y.t.'....5(*..E.a..#..h......tc=..L...e.C.....)\......[.*..0....k;......m.e..u-.2.f..4.b.R.<..5m.w....$.!.W....b....}h....w..l..&..A%].[.l....au.b.M..| 6]..N.....\..!.e...7w....#@w@..`.Q:./J...|..6.x..x.;.Gw."99...nj...t....x.cyF..E..h}R.M..o.tS ........d...L......Va2.D.`|..B:.J...JQIpf..c'..`....N8>.U|.T&k...x[..2E!....V..Q...y...W.UG....4.......V.^.._.....9.b[j7....Jg.E4.i....% .^...2K5H.K..<....R...S.&..............E...yA.x..)..4|.~......}.O..3x).C.b.w....s..{'..5..Q.(T.H..m*...5..q0._(R..}+...(..%.{...SI.cj...i.E..**.3S$..:7...0'..*.N.]FQ..|.4Rv...{.."@v.ST7.,b..&...*6mF..1%.h+...o/4E5...X.?....n...ntV..t....:n5\~.e.....P..@xn.s..YJ.E....R......v.*.U...|.m..Y....R....u..0t.T.h.}O.....p.W..iN..................%....M.....5.2w._....e..lY...?.G;..F.yoG..}$L=.kOY]..DE...D.0E......6...)..:.8......>O.yn.W...H^....'*.{.....z..i..6..2@.I.W.;.1U...}.P...Jj<.h...i.....M..,L."b.....~....T.!R<...LF.;....!.F1I.4....FX....g.0"....y.U...~w..\.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):138848
                                                                                    Entropy (8bit):7.998660779511049
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:Vq8JXNqIp/z3wQbTyFsrRp1Kwq4aTDG8P1cuyfiPFgF0tBs:DJwI53vtr4ZDBQfidc0tO
                                                                                    MD5:FB4ECB3A6F049D24328632B35FFF35D1
                                                                                    SHA1:E6647218E86FD1B8D17099B450B4FD48649E3D4C
                                                                                    SHA-256:24DEF853EC44AC452284B3DF1AB81A8EC0795B2B86EF18C2FD4039D346943288
                                                                                    SHA-512:07FFE7DBE6F6CDAC985B5FE41D6132DACD18BF8B53404EA955CE0D8E417F9A98CFEDC5FBF24CD250EA06A47A4241E626F3C8586727E5E339FB036ECF4E2031DD
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:N.x4\...p....fN!......,..l7.E.zZ..n.........J....8b..q.hl"RM.....^;...O..k.F.M....m'.k#....;a."...#......c.x.m.o......L.....H....3].....n..:..Z...L.v...8v-.7..-..W....a.b7.a..M..%.2..1..?....F_...F#....6.._.&..J....>i.....n&..3.*)...@...Yt..G.....xg%c..-.7.3.R:d.5.....VR...... B...f\a.?........?>1...e!.....<...v.w.}...0.Qy^i....D...O....<...eRg...:C.....t./.1%S..'(B^..W[x...u.(R&%..8h.*{.*I]....tCz#.WC.. [.e.k.EM.4....K_.l<.)>W8XG....V9..5....k.j....V?.K..o..&.....+@.-..K!.u.E..b..4,...n|N.E"T......|L..)...qy_R....:......c;.I...u...`.Q .5m5..Yp!...A......9.F.-.i.....{..&/e:...d...9.n.....{h.L..:o....x......a..#I."..U..w...{.S...)........F....W....3Qq.s.$...D7)..C.d..,W..b..P.p!.... %......I.....E..>[.....Z.-x..........@...-.4.z.'.c....GB....k........r..N.*......OP+.K&`...V.M.....x.+..&.k>..zP,...9N.7.>.rNE.....[....C`....K.....C......|r.E%-.e.:~t....t.yU~..?E~.M!2.V...e+G..W.<...I_...\gc.....*f...[.......d...K@.... .,._.P..Zz|

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGM.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):5409888
                                                                                    Entropy (8bit):7.99996858775161
                                                                                    Encrypted:true
                                                                                    SSDEEP:98304:DwO0F6LmivX/+7s6+XYixdRoO5O1zP0fj6aE9jhnnQtx0:D4F6LjG7I9xur8Wpb
                                                                                    MD5:3DD20779F7E9A2A30F8E88E34621AAEB
                                                                                    SHA1:7D308A127813987CC200633B2D050A9D0A46EE37
                                                                                    SHA-256:CBCBCFC337086BF2334A85CABC4884FFE8B5288BC1ECD187F4219804B4E73826
                                                                                    SHA-512:6CD5CC6C2AFDF22270EA68007D296EBF046728485F7149DDA477391B32865A6CDB6A6CE534950239FB0EA2074133AB3D49FE2A1720B03430BD162151200C2C81
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:7.O.......G#&T#..gfd..H..Ynl.B..u.V..... ...m.X.A...vS..j..q.....w&..[..U.(.".0..V.....6..z.nJ.W...SO...[........<g.d.......gT....n.....$.2).cC..S&........'....w.i. .....,=(.u-......&.l.(......*yI..'...n..v.y....o....U..F...z.G~...[..e.S......+.. ...]...~.........N..].o.cT[....8'..V.[l.?..b...r.W7...F2...`......t#...G.\...m......SO.x.DPt.".O..e0..Y.vRT...8w...*ZV.a....0...i.LX$...H...CP._4........Z"[...q...Ytr.7.........n.uD.. ...k...)...9>.v".8B.E.G....68WU.S....>GH...0........d.8..._..CL.F....o......!v..W!.G....er..%......^.(..../.....~B....N..)z..<..p)..=.7....D.O...&..h73..m.Y(...h......#....4....K@..!K..q.......h..>8.Q.......^I....W...S.x.2V..'3.{we.u.p1..........<.T'..rz....=..#WD+...R...a_{[.2......9...Cu.-:.....A...K(0.MM.Qh.|...3....9.k..|c....h...q.5Kg..s._e.....WF...t......&/b......4....5T....A.vIG"E`.?~....5.r..%...g(N.A*..........pg.V.O^Mx._d.P.WLI.(..T..Dofo^...U.9..dx..X.~.Sv....2,#]...R...E.+S......C..#..@m{.&....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1760
                                                                                    Entropy (8bit):7.898469436897387
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:FTddj2eAaPUzE+4UgW5jcIHqVlUKRgNqZT6haCIWOr:FT+b5dT5jKDU14UP8
                                                                                    MD5:A65F9FD8F1D18AE545490911F209C4E2
                                                                                    SHA1:AC0B1418E9929F1E531867E39DBA8F26C003C81A
                                                                                    SHA-256:664300EDDB1F38B13CBDDFE4424F88B3A36D139A2AB1ECE55C95A045C047814E
                                                                                    SHA-512:37701A8CE9B5F5BE04780149DD3E9979BD73A3F8D6B90509336B36DF04475BFC9C0842103894B517BE6BBDAA4319FB792A320AD154BC5D930097C3601E0D2600
                                                                                    Malicious:false
                                                                                    Reputation:low
                                                                                    Preview:.A>.TRI..z.......F...<.i.}.......:r8....*/.yZ..^(H.......Ft]......C...7......=. .S8..v...L.,......R9!...S....^Z.A.ny...!......]......j+.._.-.`.[B.L..t.|..>AX....{!.&....v(...~a.O..S..?Q....G<..h.h.%:a..k.ml.p..*'.rm.W';.U...$...1q-.r.].....[.@.....~c.E...........W._..-..i..4.h]...k5.q.B]T..l..ECd..:*../.~Z^.).^u..Ij..9@L..>aF....*.Q\o.a.NV.}_q.m.:.@......aY.xul.F.X..tv.o*.2.S=...NY.... ..dH.JB.!y..6. {.s.85.. ._...bh......2=..5..K]lX.X.............&.....6>..._..?..~.......N,k..aw..6Y....FW.c.....O.rI........d..u|..z."....F.a........(..PX....e.v.*..5G..:@..N..n......G..O.....6~..t.P.c.}..e>.o....Xa..}..[..w.a4.......~B.....4pn.}As5_...5b....m.k.l$...b=....v.(.L.l.....YG.g.Q..I)pe..}.yj.......[.0..b.).n.U.@u.....;7.e..t...5}.~ej.`../.&..... ....a.+....^i.e._z.....lQb.{....JB......"....^....L..S/....T:...p.*l....D.\%.d..!2`..4.x.....>.o.b...T+.6.d........|r*jr.....i....n.sD...Q...R.`...A(#.....7 "rA.F$s...jn...5....... ....8..ZuU.=.q..:.[

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIDE.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2656288
                                                                                    Entropy (8bit):7.999937973792227
                                                                                    Encrypted:true
                                                                                    SSDEEP:49152:V4SakkA5+M/N/xGwZmNgFsGVdGTVPdWgViVqZy0BpbIWJZ8NZZ/N0eQR:qSakkAF7ig+GV4TVxMfEbIJL/c
                                                                                    MD5:7E84ABDE8B28D8FAB686CE8B65F71A8B
                                                                                    SHA1:BD7AE5BEA8F072E974E640A01D462348C5B22A7D
                                                                                    SHA-256:AC69F90409E880A016649B58D5923C648F86B5DE23A94264D3D48D9C3FCDC82A
                                                                                    SHA-512:FB89EF1B559AA362BEFC86475B10015B0955A03B2E93826F5C3A5C7414A26DF0FFE27D86BF01A31DCFB6A6B82EF6E31C074CDA34A5197E54E942422A4FCBA4EA
                                                                                    Malicious:true
                                                                                    Reputation:low
                                                                                    Preview:.k.2!.[..5..eZ.}?.....lkt..d..[.....R.<...q..JWi.+..L ..w^V4..%.o.6.T...W..............>....].f.IUT..6..........IT..7k[..C..r.=u.rb..g....#...?....4...3.K2.L<........,....m..}Z.P7@7.{]..^wR......S.4.W.Nm..h...(......S+..Q..C..aY.N..$.K.^..}.....g.p#...E~!..K%..T.a._....a..0...w...FkaNh@!P.E.....8..Z<s......jj.....}=$./K..W....?lO.$.D.....x>........d.9.,.......!....C./..sD..J...g.C..!.t..%..]..XB.O.g.L.n.P.(Gm..._>./.$$.-...E.l.wP.@.a..P^...q..Q....{..f+...^...x....".>.\m.i.WP..._..yo.._Mbo...8g..C....$...;.i.....Cd.....N!....}.=e}...@.2~...C.....NQ....?.c>(VZ=.......G...-...%0.I..../.<..G"....HC+.S..r..`.(..k...L.............J"rs1..t9.ce.?....3$..A;.....1....f....6..*9].... .....59..4u1B.sW......h......q..0.h...`7..'....#...O.5n'...+#.3.7.0.9.P....2W.@.0....o......\......I.k1%;..D....bj.$....,.8.!.Srg.^.v..>.w..:B..N8T.N{.w....4..........y.[..0..i..V.c.]....[.*h..z!O...c....:.I.].&..IF..iz.....[}M;...[..>.........c....\...x.....0....x....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):209440
                                                                                    Entropy (8bit):7.999113757881075
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:MGGwmmeNnGvhiQwEKqEkOQwpZnEObb77ovU:cwneNnGZgEHzOQwnjX3P
                                                                                    MD5:149CD3C338E4751D8B09E9F79D39A09E
                                                                                    SHA1:55BE5F434208A7E8A4C420308249F32ECC4BDC3D
                                                                                    SHA-256:D9F1BA2705E95B9D9A00B51C1D72F71577EC28F74FCB0695BD8E37C3D58334A3
                                                                                    SHA-512:9492FD7ABB3B6E1586D6515D563B0E96F5151FD54439BC5450A0D0539ED97B55AB5AE4ED6988AC9C33764D3DA64BC67919C9DD9652763C792B233AA81D6B6BCF
                                                                                    Malicious:true
                                                                                    Preview:.n...X7....if}g..C...1.v6...m#.....E...p....P..s.c..99._..c.<|3G..S>..[.h......A.@.h.. K.........XN5#.o..'....Y........}..1...).W....[3H.X........V...m....fs.D.xh........R.c....@gI+...P..u+'.$$..%..N/H...W..[qUO&...+l...rX...+..`/... o..mR...9.....>..\.tT..,....:..'..[.[....u.j...0...d....)..>]..j..{fP.......E.<..|!....b.n....l..U~...%6..(...!6..g..f..CJ.oM.+.....x)..Y.#.b?c.y.^..4...{.8.D/...$...\..u..sBLgA..%.......@(.r?Y....Y....{.Z......&TA.K.J.|Jm6.6..:.....Y...d.w.P...........t8.XV....:}5r..X....H.9r[]S..,>D...r..T:...U...7...q........e..........9!M....$c..\.......Ic.kQ.9.s.0.Q.....a.C. x...`..2.s..8k....Xn.`=s`.@...X%oD..q..4$7.@.3v.:.....!.....!.....q....i..6...Y.&0.....R.o.x.,}<...N.`H4Z..".:.........=...E.G.|...#V..&[....B.u...q.1.gw.t..u....V.s].E....T..._<.."..r{:!'j.......q..j..z.....p.. l..C.c...3.+^%.....PJ.._.G.vo.5+'.^.q7......1,s9{...j.......2..r.t..(d..<...7QD.C.CBt..1m...<32d.xN:.N@".9.....T{........Q.3-.5sx...Z....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):700960
                                                                                    Entropy (8bit):7.99975724524376
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:PXYuhFzGjr5HlBdUzceTzWGE8ytreJS7TOXazWxbDvICaoVC2MXdjJpycH:P5h2HlBdUz1Td0r/DWxDvM2MtdccH
                                                                                    MD5:E0A37CC48A3AF39417867D7A51933940
                                                                                    SHA1:2A48A0AB33631FF3CB1386FA591123F318143279
                                                                                    SHA-256:A01780C85E1673305517D281937CD9D6B47628550B320F301BFD522E3F628BF2
                                                                                    SHA-512:DFD0E8A040CB8EB966096D3963DB9821468E8D6220FCB05456C5BD39E3E82C373AC5DC24E2D4D61A4AEE4C97B50B38C0FD4E3F08D9DBC90F9815979FADA22A5F
                                                                                    Malicious:true
                                                                                    Preview:]t5.a../Afk%y.Q. t.M.h.3..0v.....|.^a....J....(*i......M..Yk.X....f...O..../..E<3i....z+.k....1E..9.k...K.-F.7A.5Kdh..X.5.m....g....)..L...A5........U.b.i.l..M.....x...U..sp.0v...U}...f.u..5.......DP.K.L.(w.n.....'....a..s}J..:."\}..n...q8.d....o<.......l.j.4....oAd.+.=<&^)u..`..I..k..%.<x>v.....Y.f.O.D..M99.-....D...`1q..N....s6..sE7......G...3a..Y.%....0.'...g...'.U...BjQqG.;.....A.,.K...Z+.....+^9..."....M._....}.d/T.]nnlH+n.Xr...d.'...W..[rv......V. 2.5$..R0n3.Z.}.....3>B.R@.......v...3.].w..|.>].Q$Bnyx.f..S.....AA3._.OP.,PQ..J.A.D.<lL].%;...*Y...qr.V.....c...k.......ML[f.K.t.....; .<(Q7....vd..b.nO..WlS.R4..8@!.b..:.eV..#S.po..ou.wH.3....L......|.o,.....>..0..w#.....d.]<>f...2...>Q.^.T./?........._..c).........H.U.Z....R.':].P.U...Et.#.*..F..._uL..>1l.i`}.U.I.V...u.3...K.f-...'..\..7...Q..!XPhCp..w......k.2.....lLa.!`p. ..<L~pfw...rk;G...=....G..T.J.......|...p\..E....).......ca/@J...<.-.l!!.?.).H.........I..=..*...,8MVi.q.^...3=...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:modified
                                                                                    Size (bytes):352
                                                                                    Entropy (8bit):7.411527162852845
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:rDBsQyk9HqUGuDAtE7D4faVA6WcPNQpqPb/CsF+YUCJVOsv7ucoK3S:r+QJ9HqEcm7D4C9JFFPb/CsYXCJVOsBW
                                                                                    MD5:888609AF4406C75356C2614A8A4110AE
                                                                                    SHA1:698B87DC76D470196FD73E95B9DF4C20EC59BE36
                                                                                    SHA-256:461C44381839E57802F8A475A9BBD46F04E6D141463940B594B91FA54C53A019
                                                                                    SHA-512:7FBB94101DFE63504D9E0755CDBC26640A436F21C56EE625E29D6E45A4E31989D270DD8826EECA3BD3F0035AC36C0CA64996D70DE8BC910725999191DBF743A1
                                                                                    Malicious:false
                                                                                    Preview:x...v....2.._..W.:...(E...G..zN.j.{i8bhp...?a.A........s..u-.s..?z....G...M.J.n...^yC.6?v!....x.=.z....H....?X,..&.....(..RN]....GRG.1F;........=..{B.KC...^....8W3.. .::t....[.9._..Q.Y3.u9.V#.....<."h.S).w.Q.%G...V...........L.gu.1...q.kP....*7Q..RM_R. .E...O..2.moe..+.D..i.95u.c".!hv....f........].....IY...."8..z.G..F.)R.F..G.B..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):299104
                                                                                    Entropy (8bit):7.999301543389887
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:6OhBTpESgM8YNCfqRhGaqX8Qc78g2PLdPCp+VZ3kE:ZBTpsqRhGaqX8Qc7iJd
                                                                                    MD5:A8A27E994CF63B23315A91292251A6CE
                                                                                    SHA1:9A3A3259339A30A58CEFEC4BFF1F5F3A1CD35335
                                                                                    SHA-256:602EBB48457A582A08B256ADBAD6048F2BB3EE5E549C56976F8B2F8C42999568
                                                                                    SHA-512:47E129C896FD07396FAC210E05A4AEA2CCFF352013476168B2D861280C2214FA305582CE56CAC5C73BB01CB93D9E6CA093E4A3AA613395783C87B68EF1A2E759
                                                                                    Malicious:true
                                                                                    Preview:[.i...>..|.....lu..?..Q.......2..8..(r.D.q.o/.N.?....:.0/....$S@....:.T...P..{'.+.fy.?{Cy...~..U..qz..Q.B..b........C.l.....NR......]cO.^...%.G.|......g.]..O..j.......[.pJAP.XW{.n2/'B|.....|.=%..R..u...z.+.F.......U.N.y.....y|L....X.n..F..N1.!.;G'.~....B.B..o.l/VA..[.).zc%n(./.0..u."....K6...m.G..5.....#x..e..W..}.g0....p..l...U....'4..\.]..".8.. ;.K..(7..o........(B....n.|....I.7%......g.a../..}..N.._..nM_(.Op......i$.....=*\p.}Y^k...q....+Ba8I.m:.......a......./....K....|2........!Nk...I...4"t...#...!...5D..?....3...^..'..]..-.h...(#R6|...7r.k#+.. .V5..W.M?..*.J9.nn.X....*).g.).q..*.:....V.......$.3..l&.U.)S.T.Y..u...S.A......`.z).?T..W......c..*....:.u.p.<.yp..OxS.I..Y..JU.B..#n=..&..).a*.fh._.L.G."..f.-IS.5.%..............A.x.Z..3.G..V..'z....@].=.z...>..?..<...........q........B..U]D........j...q....\../6...>..........u"....B.....IjuS\.M.t...+........r,..FG.......(.o..s..1.WLC..;@.U.@.mvX.BFcTBS|..?...yp....$}@.Q(.W....{".b:,

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):27702368
                                                                                    Entropy (8bit):7.99999451708176
                                                                                    Encrypted:true
                                                                                    SSDEEP:786432:9jzmPf4zst673NkmcMlaJw95Ik03bp+lVc3B4DKNji:9m3Ysa3GwGC5M3bpwV8B4WNW
                                                                                    MD5:7078926E4543B41FA365135445F551A9
                                                                                    SHA1:8CA5513D3261A9A10F72628E6AF709D79095F204
                                                                                    SHA-256:0CDC70C495E9020440111F32D7A9089769EECBE296330F27BDF64D85E6E9193D
                                                                                    SHA-512:25526E8CE812931D67EB9B6D70CF966A4D0E63DE070E76731C048202CE2E44C528F7D36EC57446887E639207EF61220C7E8B3B70A4EF21BEF3D3AD36C68E7955
                                                                                    Malicious:true
                                                                                    Preview:.s/.}W..S..E..8.1.....)5..w.~..Z..........~..G..9.g..z.'A.....~A..T....*r.(.2......(.*%U......[..].....T......H.C.n.g...Y.A.+z$1..G.<.\.[.P...........=.=.x..z>V>....!.....yP-(..t!T-b6....`..Q..{%Yj.Q\.~b^...6e{.$.\..Q.w....7...(......kkX......V.....uP.X./...f..R@H..gC.[z..8.....y..F$......kd-........Y......%?p..N.d..L../.h.o}w......Z.....x.g../...5r...R.n..$.wA4>).P.jd.~..S_...x...r....I.:..?.L.v...t+2ya.. DA....L..|.....H..B.......N7.8.....q.....dzs0,..R._......h.~.].....P...?@.........W...9;~....y.:FO.........,..Q.*.g...Xx0.5h..u.p.......?|.g0..9.?7~...0.4.0.O.. 0.1X..Db{.A~.G.z._....s. M#..{P~.T..U.F...c.[..Z..r....G.a^....pT.....)...].8..T.3..W..y:Z.cj..A"...6.P...5.[...,.W.Q...V.....,.........n...Ik.?[.....^DA...Ta.z#.c{..E...N.d..Yt....&..#r@...p...m...vX.....w........t..v.,..F~...^...4.fL.. w,D..%V..J.G......a..._.Cq..R<Od..:..TX]...9X_*...HK6.8..%....Wiw/[..._......6._....f.*.........h.A"a.../.]2=s..... .h...D..j.9....~..}.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2571360
                                                                                    Entropy (8bit):7.999920819347252
                                                                                    Encrypted:true
                                                                                    SSDEEP:49152:jhysSP4aZZ8b6pkIpN9hjfmleLKgXVoaGin573WDG7ZIvFTcZ8T+vrVIR:ssSgaP8MkMN9hINa55G3WZ8TKrVe
                                                                                    MD5:E1E826098B2F8B995EE9C21401D6EC37
                                                                                    SHA1:F77C2E8ACB2065F53A09AAB8BC88A42168A99248
                                                                                    SHA-256:93799F11AA423A2392E15505168C64828EA4CD13E7F7D5B523414CDCEAA4830E
                                                                                    SHA-512:F9B71C61EEB172EBEC19B92048AA2B17923D9F4A58653DEB82D8938A264F9769366221E07A204BB076A9B6FBAC2FDD92DEDE872554839450152F796D57621062
                                                                                    Malicious:true
                                                                                    Preview:.Lly..T&..yQ.kv ...1...`&.*7..Q3D..~g...$.4.KX.>F=..[.........n...M.9.=.s....P.ua..2?../m.{B..}../A....2.f?..,rb.`Z;..^../.....T....:.;...Z..W.s..(Yrp.=If..7..}.~.C.b.p.8..ki..V7.s.......&.b7.....j..E.....G......./.kY.c...S...3...Y>.s.Y....6..)..j1...#......-..S.."....J...~v......<ht.\-.4.I]^-..N.pI.n..}..!eUwi...j.......:..Y.....^.$.......X....8.R......U...9!...z..M3kR...=.}.+....k7.U...r..EV1._.....AS.-4.....n5..N,..n..A..Y..."..=.'........)..J...+.5..gx...V..K..gF.....G.#.9.wJOT..l..gD.5........a....e.Xq.Z?..=.q}hU..fk..E......Hv..v..A.`..j$.J..:.....m......,}S.`.T.5..Os.q....h.%...O...p.f..(...Q.a.B.]|[n...f.k.1......."Pi..]e.M1T(<o..E.m...b6.f...E..ywD6j.....Dw...q.....M....".>].~.....*.L...e.z..;JE....$.C............<...O_...f.,..j.E#...b.r.2....._.I....%(.i....6.V...E..e.;.x..t....x].o..F.gv....Lt...5.Nr=.$ak....M$...n...x..{_...}.}.>j.C1_6#.....V+./.4........r .i..X..._...h.....]n\.......w...j.^c.?..$.......CdZ:W...f.GZ..X9r.....df.u...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:OpenPGP Public Key
                                                                                    Category:dropped
                                                                                    Size (bytes):30304
                                                                                    Entropy (8bit):7.994119536459694
                                                                                    Encrypted:true
                                                                                    SSDEEP:768:bFWcLVdz8kpJNOjSeTL23CcjLCX5cpgwoaZ4fClpXeKon:YcLVdQkpqjSeACcjLCXCpDom4KDeV
                                                                                    MD5:1EBC18233BA11FEE655F77D2926400AF
                                                                                    SHA1:3E1A9C0282419AE6CB1638B00802F7CACAE965CB
                                                                                    SHA-256:3F2E4D9D4E974A7D5147807B1F6C28A47ACEF90E7A6CFE3A6EED94C3B6FE8222
                                                                                    SHA-512:38DA0FF65F7D6554307048C71518653C4ABA9B7054A7E1F01EBEE46CBD78E8A8F10430C1105DDD42DE50CCE38FFEDE3A4433929D2FF9EA5A7E50468D91696200
                                                                                    Malicious:true
                                                                                    Preview:....$2~...p{:}..C.ikG.L.....%X..q.Vh.........f.?o]..d:..!.......Y...D.u .y..".....R=..E.....[.SHr...[}..mh.....+|&B..[...P...0.o.5..E....Y.r..._]<.3T...{)A..5.L....!.g.i.5..\..2.....4......B.V....EC..cp<7.JG.5..q.......t..9.d....f..9n-{/....l.|....Y....k_...*..}I...?:^.....W\.Fo..... %...[pz.e.i...}...}*o.enx....e.M.S'.,..Y.%....I.QD.s......R.=U.4G=%........'..R....g.3....7.3.q.P.2\d...".k.u...+..J9..&A..)....<@...xy.cOu.`z......V.Ul.."x{7q%.....~..b. t.,l....,.,.Ivg..<`Z..jA.J.m.........a.lA.G...b.S...Nk?..iYR/y.2.@..u....6...Cv@.Ra..J.k'..>...../.....=..S.?....P.G..I.P.d....vE.].@.S...S....'.@u.]..S..}.......uJ..6.`...L..,................uP.....a|..0.....\P.Q.@.....v...0....A......l.K.%N..R$..........T..o.7B.}?....k.u.G.X..s......Vz...'.:.;.Bpge..q"23........W&.(..%...!....(...[.....6.S.]....dd...0T..D..,zk..+..uk....,..6..5..dAc0%..9..H..u.f.-|f ~5.v.{..g_.p...f...P..2..)_...H..(..f3...,.f.~Q......(.s...Rhc_.....2.CY...yj.1.Lz.$.5..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):16042080
                                                                                    Entropy (8bit):7.999988494975855
                                                                                    Encrypted:true
                                                                                    SSDEEP:393216:F25XFgAbBT3U1O7PlNPA8yxddq2qvJEbislXpt7vDTa:05VByO7PlNPZyxzQyislXpc
                                                                                    MD5:FDA0D50264EBB80B8982913F988C6A8A
                                                                                    SHA1:BC036FD36BC26F07B0C0EC5BF4A9D1277637D555
                                                                                    SHA-256:0A42A5DC311FB97EF9DAED1862FF6B6769E6375E7BA0287EF83D49D88F22D880
                                                                                    SHA-512:A7A8D0F2DDEA4FA1B2E8AFEA7CF9E52A71A599D14F6ABB84E008A1BC584E8689D28AD55AC173F08B389647C3A7C81D491CD60D398746CCF42B71BC113665B1B3
                                                                                    Malicious:true
                                                                                    Preview:.X.,.Q...."n.N...O%..<g.:x....X.K.@.$.F.....sp.`gW}...?.ZU.S......#..."...o^ ....-..V..T..i.h[....Z.o..]..U...q..bo...Q.1.....M2........B!.. ..9B...f..'.....\W...x.F+..........nj.......Jr....L(.....s.m!.o..N.l.x.=z..UN.'.u...;s5\."2M.....GV...o.Ds<.......JC.N.B$w..z.X.K..)|M.j_..W.a....W=}......6...EE.....'.T.8.}...B.;u^9!....:...~N..e.Fc.e.0...d..bQ.....aHf.d./{~..o..+.....qg..^..t...W.oo.\.~._.k..........gx.."...c''.(_.a4....6..........51)...xL....4.X..9..\..R.... ..A#0.... ........s"....d..'............\..'..'...-..JL.`K".c.%..].t>.(.......~u.B...V.\{....LM...W.-.,...t^.\..M...yox..s.3........7..;...,.\..e..k...z.A.... .z.w1y...X(....R...q....N....LDw..c.u*#8..[...T#.._n...gi.Ak..........P(..(..%..{.v,.&"..@g.*.....D#k..x.B......tQpUk9.qQgR8.0.o0.HUX-..rx{.3.Z.)[x..IS........g..C..Y..@.H.b...?BT._.|m..:)K...|8.-...6DT.V.v4....)Y...Q..3.n....*bn..Zg......".....)..J.3I.z.ZG..~..g........k.......T..m5.......--ZL._..De..J.......z0]!.e

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):116768
                                                                                    Entropy (8bit):7.998426554819618
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:LkhBW8mksWnuW/gchzBqYsj2tcuJXcB2YeQ2oqBG6zRMQxe:0BW8muR9Tq/j2tcuJsBfe6qtvE
                                                                                    MD5:14D615C64B1B045EFDE23A028365FDD6
                                                                                    SHA1:398CBE6B26E33F53F6F1DE3046BE06F29A141644
                                                                                    SHA-256:FB4A5198D23E2885255EB74C79E0F5771AAC14A7983D280F79592F1B67F33FAE
                                                                                    SHA-512:1595A87CDCD4951AACA31067451D7E19C22265BA341E80A290BF107019BA3C4FBE805A90826CC599B52A717CD7244608BC0459C14B12BF8EF179A394D85B63DD
                                                                                    Malicious:true
                                                                                    Preview:.S..s.........D.fg...f...}O..}.2......+..Oh....H`....M..|zU.....L8.......CJ..<..(;.B.5..`.6Vk..L3.@.....+4il...~.+....T..9...!C.../G(t..G>...@~.4. ..MkN.2..oS.... o..uj$.........{....U. ..l...Z..//@.../..;...*.....(f..Q.....SS..j.....4e.....?.*. =.c.i....,.O.^D~...L.A.F&i<b#I#Y.(....._..7..0Y..J.8.N5.......s.+...Ds....+x..}.1..v0...RY<....YE,S9.l..g3.yC@.P .T.<)C..s.a...J..v.P...NU..R..s......Cz....."..9G.T:1X./.....u.g.n....N..R9....s.H.zG}...O..Nc.{..cv.........M..Wy.../...y....Jj.%.D..Q.C..4#..C4~3... n.}.k.....[........u[.....r.I.\#u..0.=Z.z.."..^b<...w...2g9.=..r........Kp5h......;i.Q..5.9....OaC.4.e..GK1..s.L%.MU.I.!..........<~.7..^..N..B..a..l.O?..;.s.......0XyK...........w..z&((05X.X......N......u.k.>...6:....?f.hmR..v?..b..!X*...zNpC}..60.^3..#..'<.k..../.f.W.PL..!.'...-...]..../<.&_<-*.>..).j.s.}Q&\.U.e.-.w....y..z.s.8.U.3.h.b.H.....#.....b.UV"......./}.f...y.-0...fk..r..aV2/...t...F.wY}[...a.$O.V.@.........K..C&?!.~.I.......N..I.#.3.Y

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):48736
                                                                                    Entropy (8bit):7.9956080565885665
                                                                                    Encrypted:true
                                                                                    SSDEEP:768:d3c9LDRt6YE2WtEfWvF/WCHCQAzp/WlRYagsdepeo5eKHFOMj4S2IDDu3wA9g3ok:d3cZqj2RfO1DRcYo8KsMj4SHD2Uobdq
                                                                                    MD5:358A4EB044E8158095B6AB22930F84A8
                                                                                    SHA1:04D3FD9EC8B3401B0DBC545C77F79B848BEE5688
                                                                                    SHA-256:B94D0B7B0FC65B3DD03FC16CB6D8CB295BFDC2E25B0EA8C8899493B45DE9C5B2
                                                                                    SHA-512:6B6BD5BF1A97FFEA021DC72DFDB408108798CDE090CFE7472EF1F800FAFE386956BFCEBFA1ABF40A74737027B8E273606C068D3471D427D4D6C327B40ECC756F
                                                                                    Malicious:true
                                                                                    Preview:G....m.e...DO.[.hp.i.z[~4f......n.B.'<]...*.......9%.o...r4........6.a...`Rt....K.Q*__o.I.&.......F.>c:Y.f.P(.4..._v^..f....zr?.%.>.G..#.Y..;~..L.?-......m..}j2.uVY.?0_l...bYz....Q....&..p6>....8..2.......!.%D......zB..../...*% .-..Km.=.../.Xg..UL..[..k..bS..`.tD2C...d..p}...>/..o...k+b..././..P@L..x....}.Js...(p./H..J...L$X....Z/5.k+.m...H...?...4...f.:Q.{/e....C.{.+M.$...{.P..e.F;.....M.t.w}..+...}.c4.].X.B...}...Fr.*.J...XM.......$.].'4..0.H.[.5t..o#.K..."p..Tl..A..eP.E....3....v.Gi...jC.8..P....6...q`.H.y..... .~..... Q..&@...Z.z'..9:.%.`\L..[5.........u.L..@.b..s..%K.f.......`;.......q.. .[.^..G..57..XM.cS.a......}..F>LNtgT.I..5r....1....}.{.Hb....I..7(...\!.0;.r...........Cp&..F.`..S...J.....|}.I....Q..e......l.rr......|..{.W......{..:xc&..b...W.n...Ai(;9...$n.X...y.I.j.#..m..m.8.o...fm'v.1.*....D...x'.I....t..#......I........'B"0..V.=..A....\ut...j.Z&...;.Z...h.u!..8.x,@F.[..M.!....C.~..h..k.+/..*..0....}.nZ\...Jz....R9..G.0.v.~....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):93280
                                                                                    Entropy (8bit):7.997773334712203
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:kC3uAGoJtfMktgtSiyOVbx5qObwn2RxB+E1tCKUzGhdmfJgQyhJwVrtLZ5RTJ:OWJSi8oObwnG7+EyKUahdgO+Z7TJ
                                                                                    MD5:2BE3120CD62569C813AFB0D830DC5C53
                                                                                    SHA1:933AD28C1AF41BE777AC69B8C564C735E8913131
                                                                                    SHA-256:5A03EF0F088A5EFFC3056EDAE9F9C41DD34BB7496D442C4C257FA75ADC80F05C
                                                                                    SHA-512:38C24019E5BC14052CE8A06A25FF4A54FD98460564399EDE04D2DE7ECBF0448A0F45EBFF5CD4850442E896FD0EFA206400C11E8050EA0BC545A00238BF92EFD4
                                                                                    Malicious:true
                                                                                    Preview:.8.UY..0! .....d.....Af.|~.;..7......jG.<.YP... .bqR[...f16|M.itj..>c..H....["...Q.:....[.{.p:.lR....o.D.e .3Kv;d...(k...".....~..X2..d.n..Y.5.&.U..}....T..-... ....Y....0./12C.I.~!b.zr...ZW.I.[A7.ZP..-...tn....~.....aB..D.}..iS.G8..j.Tfo......^YX....d.%!.kl.rai.-r6..X...."h...:9'.jX..T.=I..)..i]X.!.M).....i.<...z...h..A.p.V*.Y!....*....."...ER.."........e...U....@..'.9.Z..W....K..n.;lY....d.#.#..3..d...a.....t.kI.c^~.0.a`.B`U..m.L...4<...3P...O.....1T7...H...-.....[.:..h}....k1{85....7..v7.%...\.<~3..!...i..'..<.O...(y.".me.)Z.S......<a...@.jc.sn...1PTM.2.._[q_.xWL.....T.k,...ph...|4..A.X.dn....9.?.y..v...W3.x.X......g..;.t.\..._VfKD..v...um.Mu..e...}...U:.V...:....~..~..FN.Y...g..'}g..U.PDDpM4.........w..H..(..H...w.. .+E5....G.j.B....4..q^.<)..S.4.8.3.60..d..1................\r>.Qra......6P........*nX.....7..fd..p.<.T...,$V.`lWH...%.A..%.1.~.......~....[1...|w..v....o<.Q5......AP...;.+y.....4.r4...l..........v......J.0FM..4a:.)#.h..+!=bW#T

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1856
                                                                                    Entropy (8bit):7.898036606895433
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:HsDxr/QAY+5zLFUClZzVtMN8lpbBKGCd2yTtEDNIZuK0Vi:ExMAY+tFUCvBiN8lpbzCdPtEOZb
                                                                                    MD5:51642008BE7DAC5E4527E140630827E5
                                                                                    SHA1:A47C1228BB12B6EE6D56B1A20B89753C7EE413A5
                                                                                    SHA-256:39D3401E1BECBD17FE95CBF8464003F049E47F2A7D41023A7018D63DAE09941B
                                                                                    SHA-512:8649F3CC3B915BBC73606B61C1F606915C9CC6CDEAA966FF63BF5567BEDD0517E1396270FD429020BE839BC317768F87472B8C4E2B5C998CA8B9AE445D34CA0E
                                                                                    Malicious:false
                                                                                    Preview:-C..*..\.A./..M?....A....z2.7B.#K.....c.}../.S.....Y......)6...........>B.Y...j!q1{&.....6/x..3.>!..O@~..z.m....'P....7....4..t.#..io..+].k...a.{.i....3O.Q}....".......W.60.B.rL.`~C=......o..>...y4.l....P.<...KO.t..fQj.>....3..7.......j......? R..*..^c.......Q....E@.....(.+]m....C.l...........w._@.@$0.]....\}.5._c;}R..$.1..7.....:..9...v.^6..V...7ZF.....%%..K}.;.R*...B...f...%...-..~. .....Q2.......wD.5..N.Fw.3<.u8.]...W......u..5I....<...?.E.........R?.zS..3ZIG..S...=(m.Q!.U.C.H?9Aa.............1@.!#...sAeM..;...IC_...^.H........UAe..B.E.@|6...]P!...=EK.....D."dm......*Q@..!...yq.....[k.D....Z..j..j5Jx.....R.$..G...~@w..Y..."x...x.k..g.._Q..r.le.@&.U..A.p<...z7..l2(.r..c(.f....-.q...`.4....S.7.N.]..J~K..A...;S...2....Yg...I...QqXVE....<..@...t..P......wpN-..2d..Yo.v8;.V...B.|.E.8.q.a.+..\.v...Y..q#_+!Y'....X(A-%5Wr.c&r.&(...J.F..j..q.N.......6:=......6..}uvS...+n........S!u...A....S....>..`....,}....`.[..U...3'T..NL.V....|..U..?.w..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):6110816
                                                                                    Entropy (8bit):7.999965617135308
                                                                                    Encrypted:true
                                                                                    SSDEEP:98304:B7PYVkKeHC59t/6xqTloRdCNbMfN5qbnW6S4bCBGrOt6Xo0eZnNmGUjfZrI9zYh:BDYEoD6xq+RdClMyxS5cXJeZNIjfh8q
                                                                                    MD5:D3AAF3881E9B02F9012DEDEDA5C0AD45
                                                                                    SHA1:76222C0323FA949AC30D53F57243BA21D398E4A0
                                                                                    SHA-256:2BF811B9901261C5BE6A119E89AB725D249BBAF5365E457353597B44D230D2CB
                                                                                    SHA-512:723155621F2F8415AD6B0319D6230296BE42AB5575CF86B83A8A368FEC57426E6550EF7D6A05C3CBA406FA564597C3EFCC94D889E4DDADDEA8BD8E285070DC68
                                                                                    Malicious:true
                                                                                    Preview:....k....:Y..;..h...G..r..I.O.T.....~y..I.....?.p........E~.vJoS oU..f.......iP..!.hc...Q5he.%...#.5.....y..T..s.w.ARE.+....rJv..A.....R..?..C_.5.2b.L.Q......y..'.T..W.(T....h).S..)-.#R.H.zk...[.L I.G..W..!4....p...Y.b.E.9..0.EG.._p[.*./p 'u.....3.)R|{.|..?8...@..p._.&....:..A.....t..y.qT...];L:.4.em...@].,s2....*..]...u..Z7o.....T....R......X..6PF...}...v.*.}t....6..........jW[s.....].r..x.q...R[..5.4...gegd&v.....mx.6E'...&\...-..+....bP....Q.+....sNw..CL..6..HF...L.R.^.%.-k.....D|.L.(.../@A/..|.0..7..V[.lg...=..Q.4i..E.x.{O?d..4(.$......&{uV../..R/.PRa0.....d.b..........c.....O.d......wm4.8.S|.%....A.......*m;......C..M...........I..b.x....e2x...#N/..m......u....{.R/*......a.6k...|.....F/......(.Q...b..y1~i....{..}.m....<G.Kr.~...B..lW.*....A$=...Ws..7....d:.F.. .y.y.H.[p..D.n.(.....+...]......*.D?..SJ:v.....].,....HG.....%.D..V.b.Z7......../.....y..g.a6OV\...TD..M.jo9.....r."..._.._..71.l.4...G..."lT...CIj}.`.O=._.B0\.2!.u6.T..Y.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):527904
                                                                                    Entropy (8bit):7.999665437903488
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:eMOwB0HCYDg8YFFYTk/ICJ6VdhFdCCjlyZeZIR4pjjsRG:eLHCKyFuv7dhTColyZe91
                                                                                    MD5:11CC7C6C1259672F43103924E45C2557
                                                                                    SHA1:18A783D359D6E3260E1A0E96DCB969975A60CB27
                                                                                    SHA-256:68F1A23DC5B503C7D221310A99FC465FBC19026C351BF2D3C727955AE72E4536
                                                                                    SHA-512:D94EE64C453333B62E4609F26D96719978BB8CB83411374D7B4F8709280E92FEA99C1336CFF14B6EC4F6F69F972A0DD5A535DC72D3E7AEA50631A4B8DF55E1D4
                                                                                    Malicious:true
                                                                                    Preview:.S.R_.H&.#a4 .....z..(.?KUR{A.....7..F...>{qC.>y................'..W..B./Q....."F`....z.......l.k.........G..MMy{z.C....'...Yc..#..y..J.5..!.H.[_N9.D..Q../. .g.+m+2........%\.c..j'..R#.3..fp!....}. L.............WK..R.....0.Z...T2..w..`T.V:.2.Z.y.2.o....^..~...)E.,.N.{?.sP.].N...r{.X-3...p...r..^....m.V..-..\....._..'&Fp....F.,.%C..2J../...%r....T.4....)....|G/.c..).n'..@.....A.2Z7.kKn.......)...,.#jnf.-.K....n....aK...,..{.E......p..$..~U...............=..'.........$ld.4y8...R..\gt....d...p.A.......F80I..uk.K....F5...Qp.......4A_...n....LF..../.T-d..C.O.x7....c........M.e:.....[.+A...(G/............R...\.. ..cr.!.B......3.P.Yv.w.A-..@..6.;...n.F._9......O.P.>Q....R.{.......c....1;Y.....u....3..1i.J...C...Ij..t....:b..jr....g.K...y...P.Z..'.......}.h`...Dm.._.l....>.I..p...2.r....../..^....U..AL.).z.|.G..=.h........@$..h....eke.lj..L.2.2sV....:......l.U..p.;...w;y;....b.N........hNe...~.5 ...1....P.'.|.A,t..2~[...!

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):477216
                                                                                    Entropy (8bit):7.9995508632211765
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:LR560mste1/M+gDForaKNNIpr15FRLWPzw7AIb07LKTqg:l56nsoFMt7eIpr15LSLwE9Sh
                                                                                    MD5:917FF933299A4B1A2240C2BCC23C5A69
                                                                                    SHA1:4DB2AB9DEB33B6F426DC040D0C9EC09EC13EE6CD
                                                                                    SHA-256:EB63951C439266AB4C537D2C7BF82424464CEDD4DE63F1C0BDDB6570766608D9
                                                                                    SHA-512:EBBD4C0227A388DD830EFC4122ED9ACD943227A7D1AB049B652C81DF062BBFD25473FF298024ADF1C25578349EC0182D1DFB5C092E66EEA9FFFEF2B5FB6E57D0
                                                                                    Malicious:true
                                                                                    Preview:..x..bE.5.>....>j....5.Q.[o..OX../k&d.EpNb.C!/.....-.+Z..e.S..6j.z0.{f.....9Ad.duR..~...{...Y.O.#......A.....W].,....(.....X.m..\..(.8>>.V.M.^.z.Y...Ln?r.........P.1:Q4.hy..c..(i...=7..t6......._...XU..-EQk.p..../76...G|.....!.'_.\d..KL.k.....x ...ygMb..I.....M`..8~6....~.R..<.o....?....f.z.....!)O~......J..b.x..R'd.).@... ."0.AV........ygN.Z.KL...L..a).....t..I....S0).q.T4E..zr.*....Y..7| :4......-..+7.sSt..].V;..n.]|..T...>.#..T..l..q..S.@.B....n..m..9.2.}.k......5...N&1.BE..R&...........p..K.i.. .:.`.l.[..6.Q ._.Q.#.Y4.j.. ......t...M..:....4w.O....X...t.;Q...v}e7S.....=..7[4....P...M....p.sgW.q.."n.8..f7.)...[...w..a....[.VEb|Hv..F..q....U...L..F.....2?.=..._....2v.9P.d..0.5.......|S".[<...7n..F.~..;..'1.J.v...g:.z7...+........l!.4...D5... !&e..'J.OAu..[pv..3.a.....60d..l".M....!......w...........k'.L.P..<]...AG.Gq...Z...y...'.8.G.../.GxHP.p...M..;.8n.P....y.h....S%...+g....X-.&...B_&...H8.eu...r...|0....s.-.....W...<.......0!.VF...X_..1bk>.u.[

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):126560
                                                                                    Entropy (8bit):7.9984609244098035
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:68TRLcjhbtrHOTrqIubEqqOVuPwbYSEKhq0CZsve/ZT7O3s:68TRLctx78qIeEqWmqBsve/9Ms
                                                                                    MD5:8B9BE91F051ECA877D9698FA912488E0
                                                                                    SHA1:806F90E9628CB1984961DA259344EAE6AF7F025B
                                                                                    SHA-256:CCEAA5FDEE90CD81486A5B9991DF620A23D0A7CBB98DEA0274D254C9025CA808
                                                                                    SHA-512:D756B942B839D6758106337E155EB7CBCAEA5C0566D0B566ABB163DB4668F59D73A0CA539F0E50B01E7B853330CF734F07777DDF7DC6F706EF93949E3448F930
                                                                                    Malicious:true
                                                                                    Preview:.U....k6J.<-.h..)vJ.^.|b.y.B{.....8. P..zC....d(4~ .H..M8...i.R$....d..Iu..\..I...."`...W.. ..#.,>PR.s.o5o..RR...=...$mQ.y...pLz...7._......n.pnQ./.s.|.Gep......p.......Q.n.....j`"...x...Y....#f.`.sq..WJ...?........\n....w-[q..m.....u.}.&U.\AA.h.".B.xt.q[...Z...}g[^G.H)....>..|.....p.l.....h.q.N...1...J.5.....Ie.Ik..>.). ..^...a.4.-....<.K..c5..)WA...yz..6.xE.}e8.....q.b......X.....!..f...Sb...U. .rd..{{...0..%...=....!..#........|...eJ.u.bZ.!.h.....KX-\.6.C]6.m.....(.u.uQ....z.n..gU........$.,....;R...H.(C..z.....u.!.hn....c..^.m...>*.....I...8.x[yM.......F.....B.%....'j....1.".*t@...o..........j..{.<...)$..n..=..A..Q....2T..Rc......Y4.vg.......%O./.....+.7.V..Q...JQ..F....-..~x..,.......d. .=A\)I.f<.. .0..=./.\...O.{....^. .4.`H....#&...A.Lk....D......dY......u|sq\pd..`....^p.SZ......Iw...smk.'#........`.I.W..........lv....-..+d...t......d...:^..........c.2.)hV..N....+{.1a.0.?..\(.. .F..)p...n.x.<....... .yDG..2.!;K..u...7'B...d>...)

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):169056
                                                                                    Entropy (8bit):7.998822602056428
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:Qq56HFDcMvM2v8rzJDWj5ue/zNeLIVp1lj9nmxi4P/yWgEf18OI:QbuXs85UFNeLIT/j9nOP/zgEN89
                                                                                    MD5:5B2918A6CE350A21D82B03680F62B76B
                                                                                    SHA1:1785D91027D92C6EFBAB66CCE91C1C97F3B21A6C
                                                                                    SHA-256:393C6874EF3C593B21DEB472A12191741DDBBBB11808CBE8604C693EF0DA7575
                                                                                    SHA-512:738CC4B34904EF642D3199EEDD42BEDDE5A1F3241914A6EC2906D455CB383CF90D1A9E31CA54897ED991BC9D78693513160E953049E4F910454B2BB2F07EDAA0
                                                                                    Malicious:true
                                                                                    Preview:..J..x.U;RE....w.Z....u..4z._.Gt...m.. ....^Z.......S1.%......l.%.s...l..I.m.m1..u..mf....\%~.m.b..C...G.0.....D...j...L&/#..!m".x_H..T.{.!...O.i..0=..L..F$...Z.l.Wvh.....4..%...Vz..LM......F.}.9.v..B.?...i*.....].|.N..-cX.[.o<..j..`*!$..s..8......iOCa.}y.HxO.E.........IB.g%7+..Jl..Z.cZ8..}.&.`.."..U.4.B.B.@..}.-....V....U.....>.XQk.Eo..R.6.;v.="..V.....qid2.i.1.....7d.CsJ...n9+...p. 3.......z..Ao...2...T...n(........a...7..l.j...j..gY....51=k.?.I..%...[.v..c.OA.x-....Z...A..;.Q.......y......WuiG.E.|..@.....2^D.....`Q.m..Z|df.g.}.......i..Z.c.xW..Bc.SVU..S.....L./..........p... -U.h..2.-..r,.?..aVl.HBV..F.....dX...2.v ...V.T.Q.=...9D.6`..I.y.*......r..V...d....\...[.*..].-C.h.z.b...N..??......h...S.[.*.....zF.L.Kn..m.]~...i..B>...Z9,iF.F.H...X..hO:9...7<I...u....5.....b...^a..P.WF.~..M."^?..%.p.r.......'...:.....'......E.{.V...~.R..0.......kB..5..>.V.q.`D>U..S.Wr.M%z..s.SoT..i...7.p...../..tyU(g...I.3....R.p..Y..:.Z.....F>_)...2.uiI..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):186880
                                                                                    Entropy (8bit):7.999068897424519
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:NZX+Bg46dX8YcW8egbnr7g5RO6u5mJZo9viBOXQVClHZ5muTdZrcGpVfooNYm8+:n+BX6dsYcW8b7gLBdJZwK3VClHZEu/ND
                                                                                    MD5:EE5D45912698189E27567C91ECA78D8C
                                                                                    SHA1:DDE1FCA1A62E45EEAF6512C715A23931EC6BFDCA
                                                                                    SHA-256:8ED9B05C944ACB21C31902B7271A323CEB2B45FFCB951770663F413F622B0249
                                                                                    SHA-512:D5E7DB73FB8732D1B784E48EB397ACC84ABE651DF71FAC043A952100738ACDF953241D0420D9298A15733B95F2B6E5A16A7FA284710E7EADEE4F32336B57ECEF
                                                                                    Malicious:true
                                                                                    Preview:..5c..n.]...F#WM.2-.C.H.!.......+.].n...l+..@S...q.A\..j...+.|u..ll-..C(t.........>.D.XO.........b...cn..XC1(..u.@.Ax,.]{._/..;..Ev!.L..........|.>.fS..<..TC.......f..P...c....`..e`:C...i.A.=I.J....\.0A/X.'.9.N.G.....8cD...>..XK./....B....<........C.......u!...[..@=1..p..+..;o.q.lF.....y.Jb?a._..n.O.@.LU....>..,.......E.A.f....Aeh../.../...U.@.l~P.X.3.../l.....K..Z.....().....4(..|T.B.^.../[.H..n&..&.....sp.~.<........oz...H..C.j.J.*Fu..b..1..z.].3J.I.u...3...?J.....+[...b.T..C..&u..W...v....U.k.8w.3.O.l......W.k.Co.zl.[.....U..........J....U...}..~kv.}..O....;EI........."I..0...&....5A....rp..K...I.....x..D......U.y...P.|...;....k.cB.xw.'....S....B..g....}-K..0.O....Hm.W.<d_..g+...Y.....'........q..T....2..EB3.8.5.r.Y....Pa ..:O.?....W..!..q..q..V..DK..L..W..#6...$....GNz.KJ..]....Q........'8..Z.e.t.6.D...H.K........<...A....:.....V.}..p...)6z.....k_..-..F.a-(..L.u@....M..t...\......3.m}..'.j...x.e.. ..y..4.._.EU.|...Ah.q....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2927712
                                                                                    Entropy (8bit):7.999939328221064
                                                                                    Encrypted:true
                                                                                    SSDEEP:49152:0XLJqtLBqefmr5puT4wtyLCatDehLyfvoN4khpfmROzl7Sluab5YEFBtLAL4a3Cw:j24mpuTDSCaBeQvNNczl79l0fLALinsd
                                                                                    MD5:163DE7DF734FA29D783D0D14F373E2FE
                                                                                    SHA1:9E88BCF56319ECC20BBDBA00795A90C62C077F73
                                                                                    SHA-256:1DEB56EC0568E5C637DA28E103A146D86270680E71FCBEE9CDB0C059C990F0EA
                                                                                    SHA-512:099A66EE37659C3755E6C9ACAE751FD4DA57BBE94DC8A99448F7FFDC78672F64EB4637CC25047D6390A6377ED79816D7FA53960C157665D5703B7AFE808F3B64
                                                                                    Malicious:true
                                                                                    Preview:...g...d...a....%.b..9.v0.[<I..wT.".(.).A..r...|_..C....P.7^]n)f..!1...~.Ow.;..|.N..TQ'..2\.9...b......C..].#,P....e. .u..e..R2.=R.=b...|.}....p..2..n.....<.Tl...=...uA....=e..o.`....z.\7.]4.........r.[....E...}z....p!..Ou.{....$..U.n3..6..v`.1..(...........!.*d.......%..B.#.|}....e<L......h..aC:._M....{-t.X...E..nN...y.....N..k....m.M......A.y&~T3....&?.....`t)Wi....5.fwK.....+2M..Y....o+iQ..~..{.G....}.....B.p.D..X._.N[...b..O..N.pOl..A,+S...r......t.k.X..k.f....)v..p9..V..].....JI?...W.]..SR".....]m......Gg?.m....e;Mme..X.{v....7*n$w...}A.?....LI.D.i.q..'q...X...,.......D.&6^..B....9!~....J."....E.]..".7......Z..<...4p..........v..]d.......{.L......4kM.i.R..L.y.}...e/......>.`&k.........l...k......Ys...2h.t.o.....dC..M.5[.....".#..J]...vF(*.....g.U...z'.-JUU...3.......-f.U.....J..l....f.@..t}.....#..2....n.^...."...[..]..5......M,..K....R...n....B..M..#....@../?.xCQ.Z.=V.zh.l?.|...4..gi.X...;....._"@m.....,<..G..5...H5.5..........e..5

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):131616
                                                                                    Entropy (8bit):7.998596176686948
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:RsUKEqx0O24e95qOsBqUNscFPr23OzXlFqDtH3bBxfP41LJOXy6NZt5ZBUWpPx:iUVqh2t9csuPr2uXfqDJ3lxfP0LJGXn5
                                                                                    MD5:A55A8FC94B47A0D9BAE2E3F88E9CC405
                                                                                    SHA1:DCF2274108782150885743DE43F4F1FBACF1D91C
                                                                                    SHA-256:E513F7604A8DDA3E633728E3341166154ED8C56E2817B68AD0E7349BB097972D
                                                                                    SHA-512:45DFF65ED9AEF505A7D4B33B09DD191A27C4B471A54036796B05D235EBB077FA804F685E82F56D3A95A7EE2DE185129064ED6DE8B2D7540DC8DF42B197CF61F3
                                                                                    Malicious:true
                                                                                    Preview:....Vy.l2.U].e{..f.b.[=)0.f).....7e.ET....v..(4.B7.1.&.m:.WV....'V..f\..e....uQ..K]...q.SR...>....W.8..*.sD..x..m....D$..<]3..<......t.X\>\.bh.)F.]..!8.........H$.6..).$l*d.q...R.l...Ny........+^O .g....K..5$....9s.s-1....5.F....AV^7..DO.........D.'..t"...ZD|....I.P..mx.a..FJ..DX9..OP.}.\M...|.I6z.N..3..+.I.^".W...q.b.85.w.H:]h;:B.E..o57..Cp.L..q......a...i....2<...Ky..]s8Y.#..\.]......./....n~?.}u.0.Ga.....XM.._^2.o....q|..F[.....'4..../LI..|..O.nO..A.......GQ.c..SF........}y.9%.l...:Q.l..B."..%.'bL......i.^..P...O..I.u.v...s.j...D......ro......p.H.e.".Y...M.i.*|<....0..qu.....u.$.....[s....i..*h.4..<.e.9`.9e.+..G.Z....q"..P;..0eY....O.d..$%Q.+...Q..-..."..!E..;....5..Y......px....j=^.C>.h........Qb..l...+...b..}.....c.y......KlV[*.O....M.e@..>.Ef....@k...lL...+i.hk...|6s.]!....({L.E.....Hff..b...)'...C..K.Q.S...e.KfS....r....Z.s"X.1.../.....^.I..n...>..h5.n~..n1....i.....,..q....5.-q.g.c.].D.X....gCn..a....w..n].].....=.N..&YW.W.&Su.'.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:DOS executable (COM)
                                                                                    Category:dropped
                                                                                    Size (bytes):99424
                                                                                    Entropy (8bit):7.9979614214374655
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:HRIbcPXmsQ+tL7pJ1RDnkE0e234NPRXUgDEagKnEDU3QHXosB01Zf/7PA/5AYk:ub8mYnJbnh23WJkLaVn4R3osBuf85Ax
                                                                                    MD5:31C35B01F7FCA1C0778A5716FC765628
                                                                                    SHA1:18A94BBCAC7DC1BC6F2F7F06360436E23941DE9F
                                                                                    SHA-256:DA480644BD82869B2C824B7FF659E40B36E5D3737499CF5A710F413C3912D9F0
                                                                                    SHA-512:E82DBE03344723F8AA1D56B0DD600FCFC11E0560BA1C3963853A0BBDE4C63C41F0F0078F3DF9A8CE44C9FA65ED5FF5044449FACFB9E53E866BD32BFA4A2E3C53
                                                                                    Malicious:true
                                                                                    Preview:.4..^.3+..L..-A..#....Q:3..!.?...M6rg....u...f..l/...+...y.R.......=6"N....s.(..Q.j....R.r.Z...`..3r\:.L.f.(..@..K._^=9.T....N....k3.J.tj...kH28t..e.k...v.t. ..?.L..... d:J. .5/?.VF.z....9..KW......;.]......;.....V... .;$........&\..}'T...".' ....33..Xl.ONf.P..q4.Tt.............V..%..&O;.a.Cu....>P.....l..................dq........}...........I4O,......./...Q.....%...mj....4x7D.a.i..)..,^.,..*=......@.......M......q.).<>../.(P!A.\y..=DXq.....q".H..,....8^..|.uU`gH(F.Gz...6..-:5-.x..Ai....,...A.o\..f.0.....r.....@.P..q...[..N./.".HL.7.U...|4O.}.?..n.{.F:.......$.}.|q.{.. P......I;.z.[..0%a*.E.&.)....^<........G{<.q...l.&........+....4..c.......p....F..)...........^.Al>../.A...V.*..v.W./i...uYL.]..>O\C....2|q6.s..i..'5..l7.._b.2F.:...Hr.A...@.OI......p.mz...yH.MMT..ArT>:.M..G*.u.1-........d..]@..t....i....5Va-&...>%0._.....T-.N.b2...;M.8.6....u.J...XiuLd..U?...AV..G./.H,.....%.......~eD.w....}.i..$CPw...........7G..&.zeo.'A~.].[.........ja.v.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ExtendScript.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):662224
                                                                                    Entropy (8bit):7.9997154811114255
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:CHBmh9k5xBUWTRHELhI0Yeb7+KQWBhNbWNAeVYYp0Kw3RpgYWjR6:CH2KBl9HE9I0YKJNyueVY84vWjY
                                                                                    MD5:16DEE90036517A8E23745372ED35F33A
                                                                                    SHA1:887081EEF2760C9F2A9BE39423FD9FE0DB3DC3E2
                                                                                    SHA-256:F6AD52DF9C0CCCC45D0840A7F94F8698A978B6016CFF25E04566698E75592E96
                                                                                    SHA-512:5DE0EDA3CF1D291C7E5A8A5241700C12838B1656705191309811FEE34571C44280D39AC46522867FC61AC179356A4BAB097B5B49AF33551D4EA16FCC8053EE59
                                                                                    Malicious:true
                                                                                    Preview:..{..5..^&S@j ....`...'......[+.a.G..5.6..$I[.A*...37k...P=....l]iP.........3.<.Ro..}...6.72.D...0".9.3'`F>W.%8AM7{%....wq..@....>..".........g.r*.:I.=T.....j....P1a..+/...*p..W......u.%..<.....l.t..kr2s......_.9x.....).w..#.10.k.....@.l.......e....8..U\..a..?5.%......:...^.v.... K...8n...E..,..Ena...C{M{_...v....E.[...A..a[..]....KM.....]P5"..(.B.}.|.........z.PZU.....H..).k*n~.'..?nq^..$l...Z.%G.f..Z'<....'.qy.....g$.oK.........pt....x=G."s.........O...b.-9A.m.....Yr.Vv.z....<..(..p.h%..I..9.....U..;.t<...........#\.N........<.[.4....4.4...d.........\.E.k..c7q.. ..Q.@.ci."....].(.B6a.)2.uE/6.C.4.6..T.''_.;...b+du.-:e.<.~;....,*..(ZDo.......d.....T.&AX..Y1.~["..C9..J.}*._y(..?..........`?7.k......BwNhaQ#..Qo..R+>....U..).ls.C....{"...k...."..D...$.1a."..?s.<....=.9^...'.m....i.-.bw.a3|X.'8`7oMM.s.~..<.L.....%.I]....rnFa..U.u.8....7c".B.....m.P2.8...............jY=.x...N..>...)E.Y..G3...*6..^_.yu.K....n7... .....8.}mz.....D...........

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):218672
                                                                                    Entropy (8bit):7.9991461414694625
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:0WmOzUm+acgFyB3h2JNmrTcFKl4gzAVselNC4kggv9NVachYK:ZVUVachB3hKNmPc4uxlNJP09NVaGYK
                                                                                    MD5:CEB8A44618DA3177DD619F987BAEA1C1
                                                                                    SHA1:D0D68DE755981939186B721C2941E677F115D25B
                                                                                    SHA-256:6F234F2F8EC4540704C09098514715C894E27B5FED0AD4B448B403F263110BF3
                                                                                    SHA-512:F0A16711D139F290C20EB9F593FBB3C96BB05E9E42CF1C509FD036EA1AE645CDDE5BEA4D3DA5D5BB60CB0A293A32962C9CC5614F0D1ABF5812212A2920130775
                                                                                    Malicious:true
                                                                                    Preview:.(@./.{..k#W.L.6.!L.. 6.. {...F3...1..i{...).~...mR#....FUtJ.7=sAH.!..7.....g...;....#G1..Q.....+.d...q<v...J\../.9..K.......x.o....ck..l5..>Q\-k.`.;..o.h1.....QBpUg.....O..e.._*.{.D....N.....K./,....o...Y..............V`ds.-..o.%y.8.u......m.%0wMp..7e<M(.F[.A...r.N=J~......Wk...:.8...b........3.x[.^..)....Q.+...i.}.....V<.6.....{Pr.....6`..X..KL.2`.5[..}t.+...*gx.b.&....E..=..d4P..F.K..d.).y4.M$=.&.._...;.@...7G.=D..]?.$J.%.]?.g..bZ..J....H.K6.bpF`oXT=\.H.?vi...s....Q....L.$+.(A..T.(....J..6...aK;.'..O.}..7.'T..z...).u......B.Z.a....M...E.`B..4..!z1...{...k...m6*X&)...\...n+...G...0.`.".V.....T8&.EK.o!V...j...{.+.oi.n......R?.\k}_K..t.?..2|..A@z..D.t.+..~H.... .!w..c*5..p!.....Q........o..:.&T..^...d8.....H.....DH..x..kK...2)l..RfY.r|y......0>...u...#/P.....#...5. '.7.0.e..~.P.m.c.R...U.....;L.l......s..2,@....L.&.....J1DL..C_.9w.....5..j..>P.MX..{.-*....k... .i..;.s.!.cY..UWm...be....?....)........c.Z.....1.u.a..c......~..$(..a.+.}....Xo

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):847456
                                                                                    Entropy (8bit):7.999785014582989
                                                                                    Encrypted:true
                                                                                    SSDEEP:24576:E0gb94M12XPNN649+U1yYcmkZQ+3lsBh3A/QLaXxttk:4RL12/X6gwmkZXlWQ/QLaXrtk
                                                                                    MD5:6A73E0BFE58CFF49D246AE598A2B471B
                                                                                    SHA1:764E22988CE9C786210336D35437969032ACB17B
                                                                                    SHA-256:14DA7B489310EBD930FE8CC78B437A653F5B023730B1C495DB8A3BB1D450B268
                                                                                    SHA-512:CC438A0400D9952867832883533E170CFAEEE56E6170E526C9F95C263EB6CE127A488AB38B224DD68CA6D313E4B4058274B2B66D76C63E6849BC66902A38134F
                                                                                    Malicious:true
                                                                                    Preview:.*o.z...D..}..!..l?>.dl..........e[.8.]......X.../..N.U.-.G.+.......!...8.9b.Q...........z..2\A...)..>...L....3<Or2.V.}.3...Yh..[m.ca..{.O.fRN? v.]/i8.....0H.I0.!..-...CqES..m..J.R.#.=.!............%7...b@.X.j.Tp..,#m../.d..<.....LK.....9I..R..d3...o}(<a.e...J..ha...O.&.....r......Fm^,u.....*.K+...>....Z.N1..f........t..T2.X.X.>.)AU.ee.|.{..;..M..=.^.\....t..M..c.......I.s...Lv8..#........+..z.a-HI..H5R.......tU.S2....t.i.a[...o!.FN=z..\.kF.@y..o....]..~.......R.u..=H,y...)!@..3R....m.A.6:k.......f...g.P..H.f'*.p...#)...M(....2...(A/.Y._.....:.8...\....U.e...@....x.Xx.../.i..._.-......<8....D.|.*..;JO...A. .N......~%..~.B.t.l.q4h..n...E.Mks.U.g#t...C...M..p"@.X.|....V.GZ...-k...<...p...""H.~..sV_uFjnY....i.....Q....:..W...F...(.....f..y@U..g/.}.}e.$...y...N..._...G...,y...C...I.x.HS2..N..xW.#..k......{R.W=.k.Z.D...M|..5.y6G.....7........X.....><..{...M..4CO.x.K...Tb{....$......p..a...,Sm:.V..=....Q.|H.....YL3.b....(.Al..|^.8. ...uI...%

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):353920
                                                                                    Entropy (8bit):7.999573025730665
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:KM16acLKv+abJ+dJzQtDQlJVXMexriX8ZFBDLADUk1UPWvyUH8RRwmYJJPPqPm:KM1aMCmDQlJVMdX0FBDaFFyUHgRIEO
                                                                                    MD5:A79F79C49AAB15F2C60CBE51B1A6D88C
                                                                                    SHA1:31CF2F53E4EC4112A6243D2FD44F9BF54BD48297
                                                                                    SHA-256:2A03FE7CEB80FAB4FE5CFF2AC2EC9047C8CD0769A113D895308CDC08FEF7CABB
                                                                                    SHA-512:3D6C7F15584C27F1E307ACB48A5C717C7CCEC926072B2E53B6B98F4F013A704220B77463F1182CD99266E9E3AA67757CB64215F35D341CE87D852BF91E33C4AC
                                                                                    Malicious:true
                                                                                    Preview:...\.a...N../q.L..D......v.a8..<.EO7lJ.%y!.....r\.6_.....n.J*.b6....e.j.,.I.a.|.......af7.....C....H.Z>...L...G...V..fq..=3m.r...(1....%....w...0y..C....Gl..(q...0...#.@..,.j..<..;>`x:...c....H...Y.{..}.3.Z....;.RT|..:.8...t.HN.Y...%..I.F.y.{......d...,5X.......6...?..A....`a0.KN....+.J...sl..c...-M......_..r._....f....C.X.....k#...tL30j....._4....s4J..&.H..S,q}(...&....<.......c:.d.<.;..:A..Xv.)gR.&...=........,^.5.>....J.f...C.yGr..v/.P.....1S}..E8.....#.m-.../.6F......"........i6.y..jW...Qr.X_#._....89])l..3..tJ3Gh..J..:...^.6.....+.4[.j..<..=...g2\Q....0.i%)z:..16.E....WoBI.....6...)+y. &J.+5...y..R.Am....e.>...m..`.....K..v"..f......D..6c\..dLJ....+._+...x$^1...+;8i..... b".cP.....M..{.....-~D.LB#....;.w.....@...!.5K...}@....C=.u.oXJ..?.s*m(...G....g+N....L....K,8...s.......`......P..l....`......>..K...l...c7(.E.U./..!...`)....e..).:.%.{... u.oS....1.!w".b....<.GF,T:.".#.J.....[U.......C...,8.X.O6;.....s.(...}.@..^}....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):612544
                                                                                    Entropy (8bit):7.999718374889097
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:sZ+SVEzHDljuxG0Ygqb6lxeScEnu9mkXKQrLVGi9RDuW4ttT5Drr:q+rDsxGtSXuIPQrLVGinuJt/Drr
                                                                                    MD5:B6FA394A119C9A4A0A718D775B508379
                                                                                    SHA1:96D043EFDD996EB6FBFCCFF532F0989004BBFB61
                                                                                    SHA-256:B8E1C431B2C140A0AC0E1D0726D396CE9936F24078CCDD15CAE6E10A637B5C92
                                                                                    SHA-512:138CB9041BAE11D630994EB1CAED7A107A89E40B5CA183360B9ABE6042834BD7092D0935B9E361178A6BE3DDFC38135301C65FBC08AD4A0C2E65EB2F0A35E645
                                                                                    Malicious:true
                                                                                    Preview:..K..El..Z...L...~.8...j\........3.....\.?.R....,.8.a.o;.f{l&.Z...Pf.L5.{nEO..f$.....yt.........*...Y..j.i*;< v]n7...%..... ../3G...&.Jp...Td..cr.,&R......jr.l..#.........YI^{.._..;...*.D........6.1..*.......%...h.Y.L...K*..7.O..@...9..6...I=.B.8.L.......v$i...g...'...S'.@....Z.S..H3...h...3..nZaY.EL;SE.......hUm..n...!$..rZ..L.....RrZ.....+.!.f..!....M..b.?.@..:.8.5.|./......o|...N..m..Uc...Jg.|.#.;_.......A'..{.S.RvLyB...F5..`..Z.w3..c.....h..2M.Qj[.2P..P.0......Q...2'ar....s._kE.|k.....>e.....R@uP..4Y..I.b..Do.G.........F |PI%..x..xq.G..X\.5>Z....^C...f..O..;...>Ha...r...a.....X...........tD.f....rnx...Z.I.......#.s.......TEk.8.Y..q.......S..q...P.<.5t."..?....%:f.V.$......-m..K).\.>..X|....O.....}1 Q.P.8&.l......f.A.H.... ..9l`..!.....f(.$|.3..p.E........dw..^.o...s..g2.$......|...[..|.8/.PAG...dP_....k.......$a.....1f..o\...p.......&6X........2.....}...F[... .>~.L..w.......j...,2J.}!cB....\.r#V..iK....gn!.,.J..4._.\.j.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):763936
                                                                                    Entropy (8bit):7.999766351606914
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:Uyr2ou0In5gnGlGQjh4gzfZIkXhi4ixD0Uk8M444N2immCe4zFt:U1z/KnCGcGBMEN2vmm/
                                                                                    MD5:97D969CCF4546567246CDA30E7C7D6C1
                                                                                    SHA1:B5ED70BD167AAFECC75E314F2FEC285876551691
                                                                                    SHA-256:E09EA6209717915530DB504DA134BEC1DD975610A14F9A402F402020D5CB2256
                                                                                    SHA-512:C3FD9CF4290697475344DFE0C5B9ABAAC35C331A0D9A9E6B487868EB4F5B349F1AB411547D98AB877F0EB4FBA4337396850512225B7DEE4302388BB5F501D834
                                                                                    Malicious:true
                                                                                    Preview:....Y..nh.H......mM^.d.....<..o}.[r.......r.+.VT.....l....&.g..E.k.!.b~.#......N...\.G...$I.to...TH........W..U.*..# ...'.&..tL....tww.?...+.[.~.b.a..?...D..|t...b.3x:i;v..u.%~&.L..Q...$......(95.9.\.e.:a..}zlbVJ......p.R.#....,A....d.|..5..........U..|.A$g......^6."...3.>../.C.....................C_-....vH...t....Y...r..6.CT.>#....:.E].\.}.wD.F.._..z&.S.".~..AT.o,.|.c`....../....-..V.......S_.....G]....}...........U=.U. .pKEA.._dx.,4....Bm.u.J.j..."...3.}!z...BNx..O\.}..v.kI.,z.R|zJ.5...skY%<.,.E.&o..I.L....O...tK..O..=..a........h.l.U..$[....<.*-.`%f..6....t.img-...Kk....;.Wz....~./mg..J.\. F......d<.f..9....[...bB4RUm.>..n'.:.Fe.Mo.E.U..c...,1...S!<2|Gn9..la.!.<..x.......@%.j...y...TU..d.K...c...K\]......].@.-...0..Y.3..u.:N.....Lep..{..,.w~!<ttzh.....kG..)fj....s_t.3|.w:..N:Hv.@..V..D;.9.r|....P`..z.}.;hv.'9.>...&......SS...m3..9..$......Z.....\..^.N.....wy..("a....f.?3f.3...D_&.&..4..A.S.M..b.......j.=.../D..m.......]..A.....k..._6j

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):97488
                                                                                    Entropy (8bit):7.997971096570851
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:MA1Q3wEmY12DZ5yh4DToOQiyxR9g4/k6UK/1+9dKyr1cY3mAdO/4c9i3ug540Lf0:gwEH1CZI8TDHyqy2K/MKyBcY2AW5A541
                                                                                    MD5:E747891B5763AB0F50585D15DC6D6AC5
                                                                                    SHA1:CE4B70BA624215739697724A32472123EF121ADE
                                                                                    SHA-256:4078D0B86C137837BA6551A241907C3BFCA1500B7ECAD9911F58D9E32709C421
                                                                                    SHA-512:FB42654320A98A76B6F613A4C5501D43291B06CF83EDA5D803084A2C0F6FD7EEA0CED9C1A8A9F7D0BF5941AFF063F0653A4861BAE93BDC979AEC8FA027E1E07C
                                                                                    Malicious:true
                                                                                    Preview:._za...xG.d.'q...Y..`...F.O..l.!\../8.".Y....d....<S.X.(x!......u.h...b:6...gM...~n.L..X.@...b..j.X.I.;LWtb...o....&sh..]..L...@s.J:....<....YH|.f......../.....[.u..L\.~WI..E/....n.H.V.e....g:..?'.f..aI...D.X.."..Y.....LY....7..n.~9'C.{...>.7F.....H.V......R..uOF...w...6..8b#L.x.~....<Te.]*.k-..q...Vi}....../T.$..~...f..)....3.=.?......]oF....P$.nmV.....4p8.k.Su......N.*..N...G3.e?....m......a...c..N.G#TyCm..U..!.c..mL.R<4..*.y_dE[j-../...*H.M.,_.Sa....W..'.{.bQ4o./....W26.o..).x1.up%...P..n.........x\..6`..6 ..WfkK.6..%....bV..X];N'.. .G.6.@{.......p......A..;K.,.....P..e.1.)..I.b..|.......;L& .s......7.o0.p..O....l...pszR.Z..F$j....Q..b..5..:.{.G.WX..N.....N....f.U.B..qz.y/{.9.F[...t..Srt..Y..j@N.=Pj..............L.R.i...[3.Y.C|..Zo.....l..v.N.....~p..~?W.bd_FHV.5K.......V..Q.....\X0c...^..}.#J.q.\.v.'..4N.:..mR....k.@.o..@s.`.....*.p.B-.:~.r..MK!o.H./....h..3......=?J.R....N.K`yLp...C.x......W./..tlg.g..#8.S..v..X]ar4..i.....As...z........

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):468240
                                                                                    Entropy (8bit):7.999582327897034
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:rlBRGkNMjtpZo14mWhc0piWHj8/Cy0kRPxTL:JfmpZoILpiOo/Cy0yFL
                                                                                    MD5:B2BD759F8623BDF8D7DBE2D638DAA750
                                                                                    SHA1:C43EFC1A2BD919367E928D18F67B421C591C91F2
                                                                                    SHA-256:9D36973FA134268F2C930A6E6FD93E2363411CA90773F3B185026148FD336EC9
                                                                                    SHA-512:05A0EC83BEC6317D97A47D6F341D5093B842B50EF58EE94AFD5BABDD7672A7E41D77B9C8A4122D43F0706977BB89945BFF3E60CA9E09103B9B2EA52ADD332632
                                                                                    Malicious:true
                                                                                    Preview:L.f..:..........z...=S......;..?J1.V..]K..dh...@......~.P.Fh..m..Q..P......f{z4......~.!......2bN5/.8........?s...ncD..ge.. .u.A........R.`l..I.?i*I.I...5]..-GUr..%.R.8.X.-.......u.v.b.8C.....I"..(J.....!M..-{<...E..'.q....>G.(..->s.....r..@...{...-Lk......U.HJ.D... oq..j.x..e......M.^..O.q7...C[{%...l..............TP...CfA...7...H....*1zuh.....eV.\.X.!..H>...~..c.......ee.c.r#..i..O...<M*...k}O<...S..7{.....m>G..(u....2;.p..<....Z~<....g.M.0=.y......3.y.2_.C....M....-&.o....c..A..N.k:.N....G=....:.......<....Y........).".....?.q.........-\.L.8.`.aG.x...;.....N./...A....\%jI...D6.1'.u....0& .`.........'.3.!B8..|..*.va..v..M..<....U.I8.#..Z#.w.N...&.V...MZ9h....}.O=.f...8}+._S....5NK..l.....<u..d.VC..{..x.W...p.[.....\U.#...m..!.zm.../....j.....f.I.j.(.5.+X.o..g..^~.rZ.....X;'..yO..&<...E.(.h$...V.kN..a...m..n.$...-..h4E.p......;.-...g...J...e..0.... n..$$.:.IR.L.[......0a.q...|.Jf.|....#...Q...q].%...w..z..D.`.=..=......a ....@f..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1824864
                                                                                    Entropy (8bit):7.999899151653636
                                                                                    Encrypted:true
                                                                                    SSDEEP:49152:T4qMfHi3ooHES9pa8y4DImv/q5/jKP5drOBd83zQ:TFiiYokcUl4Za5/exx1k
                                                                                    MD5:B29C801A2CED9FAB6695F36B7B865D63
                                                                                    SHA1:353A3398F281A79752870A8834650698E7AA386F
                                                                                    SHA-256:C31824743D3D1573290142D567873107C7A559C991FE4F3579D3A63F0765D9DF
                                                                                    SHA-512:9E740B9928E6C022A9EA890842DC474C3F291FFD7D83687DAFF757729CF5CB6F4FAD62CA7234E50A6873CE017AD2529DD3A1E1D3D31C78CD268049E28A256DFB
                                                                                    Malicious:true
                                                                                    Preview:..Q4..b8..G.e@.....[.--..-...z..y..g.ud......_..'..QV.V3+.U..o..p..Ls..UVvg.3fE..d.....G....b..\Q...^..*{.......S...?.....GB.?R...I..v..1s...7..t..y..7..?~..9_.v0.sne;t;...&lF .^.-......=...$.X..(.....!..F1,....;|I.?.>$.~..Dn..f..gZ.E....*./[.u4........|...Mp..n......p..p.".-......K..)/..-.#.T..<..u?..(...|x..5.....(.o."... $...2..7/.L.(mXZ.}.....`..ZqEL.6..1.g..G"b'....e.x..b.....a..=..q..!........T../3.....Z...L.../fix.z..v...@D.p).?J\).....L....S..u..h....)6...N.G..aC..M.*......."..s..6_.GM...h...E.>e.e...@....I..e@G........g...._...@...|...t".1.I<Y...<..l....~'...y.@0...."L.{.x(....n..=..I`.`.c..5q{..uL2d1{.=}B.O.U.........H....T....*.j._.9P..........}.....^......&...L.k...s..f.E..).{?....VrG.U.....z.p@.H..=.W.....(.....*.y7....,v..x......T.....$...L..x........v&@....*1..h.....&L.R#.8U..f........]......RC.E1..r@......g..t......Y..:.,...8P.0.l.?..'.I7nH%t..R.c3.Y.......B.r..8....[.[..X.H.E.&o.U.1.....4"M.>".*.3.C.G...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1136
                                                                                    Entropy (8bit):7.830569571879226
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:0ag/lLZ8O+issURizcqXdIyAZF1H48l9ue89XL:0flLZNssaizc0IXZF1l9AF
                                                                                    MD5:95B0690D97D63708FBF4D7615152AFFA
                                                                                    SHA1:3D41EE02F74ED83DA2B87A43AB29750F87D8AE95
                                                                                    SHA-256:9FFCB0E485B28399E62B870A4DC601E4B2FECD7000188E2F0536B896C8FD3C3A
                                                                                    SHA-512:03F505B542C83DEA653CC569C8AAA94617D6344B2D08F5880038C009F92E6124618F3EF5D2D6655E6D5D1D713319465530FBD1715F772891809F7FC38F55FC76
                                                                                    Malicious:false
                                                                                    Preview:..(9L9F.../Y..v..\....B..8........)...Q........l.Z...W-.Z.DL.PRQ.....D....ZxU..L.....?8.W.'......t.F...s..n.`.}..p........fQ.E.FIa..M..l...Tz....z...Y.$l*/.^s".UJoL.!?U.XR..T......P.h.~.Kr8.8.K.Xr..7H.!.(.1..n....=.;...i.d.....c.&.....o...SZCK.............^..p....b.^W..V.Z..3.F....2..?NmM.9].BB$.~=aI.)j......*...>..3..,.4.~.....U...B.SN..,....!...B[AhC..G.ms.JG....q..o.J2..*..Y.;.....Q.(..C..........E.\.X_.C}.x..,n..5....].e."z.zg..H.J.....O..]N..w...Qj...T..}xl.....7....>.....4..!I.s...&..'..jX.w...v............E.N\WAc.)x....+.....4._.J.SkNs{........b.O.....Y..?E^t-...sk...s.s.t...5.C.-c.?....A*..~<;C..w....hE./.*\...Yo.%E..]L.Cb.n..hH..%+.6....]\&.._&4[.A....w......Q.7?b-c...%.`t....P..As.%.....7."...{...;.}.....T..35Q.... .g..\i.x.?..U....P...k)...^.Fl.._... .|.1.c...xmn.I&.3.....c;iY-.e.A..{...9..<L.S...~..e...........>5?........r..#u.*...-.)n....m..].1..W.oe..c.......mE[.}x<-w.1X.TY6D...K.-.t..s..w..F..{..(...14.[...Wg..o.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):587984
                                                                                    Entropy (8bit):7.999662330080008
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:rlCpT5pIXIGNB1j4BTjAhGXJByXv2OSrctvLjYx4FeanjmAFpqX:xCJIRQBTjzWX14chd7jLFIX
                                                                                    MD5:99FD8775661E0CB572FCD98E3491CD76
                                                                                    SHA1:E19CCE141AD494CDC52A97688F7CEFF88CBED32E
                                                                                    SHA-256:EE12DDC9C67D449AFC91564CCE29FB7124E3BB0AAC804478D114DBDA69259411
                                                                                    SHA-512:04A690842D4B636A54D6D8D778AAED3F51742F1131DF1FA89A6B3696E6C0264BD64B456681F2838AD98EDDADE312D81EC00F23222ACC57A7E84B33A9D001C26F
                                                                                    Malicious:true
                                                                                    Preview:Q...B.....6.....w..Y!....].....8n].".#.X......Y&JI...o..H..>....#9.{.5.7.m..'"p("..f....n`....+@..;?.T].,...#q#.g..zR........|...\9.pUc...J.a...;../I..pC.6.\)..o7r.......N...W&j.Z.iW]:S..........'.....2.Rp...]....T....:.......6.)...Q......Ru.......a...%....xN_.n5n...0..7.DEB..Ps........k..s.NH<8."..v,.6.L..q.0.!.....K.M....w./....4D......._o..g.4r|Z.Y.h.-B_Vx....)8f..q.N<... .Y.8j.u..j/...nCE..L.UZ.+h].l......xj3..f.A...S..7..\..^..Bd\.......G..C.wQ<q.X..C.\....Rx#}.Y........iJ....E.Jt...E..m.q.e.....72k<.. ...Lb....X2+..1.0d.K.w....\t..hy...*..V.y.8F>~fNK;........8...>..(.W.V../.=.&f.....Q.@.......l./W.T_...0?PZ....cA.s..{....d|.1..x...$...F.!*..R.....vH$...^.......5...|h...8b.'.1.....f.........e.3..Y.x.....A'.T..hy..G...3F3.AH.+.^....$..u>.....*...lJ.c.....m.....{W.V.....,..Y.V]r.k.mL~.......9F.....oc....w.x.W..d....j..y..x.;c...odH..C..=.D.}X.....h.s0.t...6H@...`|....(.]....F..0.o..zz.`..WnkI6....n...3.%....Q..u.n..Wx.e.4'...V....f...5.f+..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ViewerPS.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):20576
                                                                                    Entropy (8bit):7.992099428527105
                                                                                    Encrypted:true
                                                                                    SSDEEP:384:sG9AMatWHHZHo9bh4ewn+RPw7z/AM5sXjID1xwOhsI4hTwnr:X9RatWHdEbiz+R4/APXUDlsI4hTM
                                                                                    MD5:79185B3764DA62A5ED8AA651CC353E3F
                                                                                    SHA1:62F12935056F595D49696BDA16D794267CEDA472
                                                                                    SHA-256:1B9A661B3957E5200AD606E2BE6640C9765771D1859D12CAF156982A80D743C5
                                                                                    SHA-512:52F6001D975B0DF6F7D13E52D3D67BC3E5A96BD21B87CF3F11F33FF215AABF75E41510F08DC09CBB911237A54ADD6539BA8919D6A6493130C2346F46A25D8105
                                                                                    Malicious:true
                                                                                    Preview:..U.......;..w...=:...X...~...3y.......(.v..$.c.(....=..T.A..d.c...C....A.2.%".}...C..$.J.j/.k.~.&3 .....n.%..yU.;.O!.xDK".Q!a8.3.&.<..#.^L42.A.~..*>=.F`%.....3.C..kb..W[..O..A.Q....Pd......\.@.n.)!DW..!.i..E.t..(....I.w..?)...x..5P9TY.@..B..w\.cn4@.Kr"....\..,..,Q..'.A.....G..`_...RA<pP2........?.V.......W.n.S.7D...7YDH...q\.....J&!}.X.S$....pR;.L.m.n..j..,"LL...-..f.V..H..H..~J.B..I.Q...D....i..#k....T.............T'.~.4r.i.7*..../.....a.'.a..}.[.N..m..z.A..............x.l..%..t.....^.pd.R...(!..RIu,.f.%.:.2=."....|*.G..l.qp.y..q..u..m.DSu..&)...j.F..u.Y%(.s.)'O5....X..9\....%<k.U...R......m?fw.+..E:S...e.... ...M#.....pU..c....o....z....w~.B.......N'Y.q@.58.2Y..&...`J8T.]..........y..h..,.B$+.%,.'...m.@.w.)(.z$.p................4@...Vh......LN`...).W.\Hb.6.+...f.../qV8........M/.Z.:f$P..1...*.M..7X.;...q..u{..f..i.Kw..N..,..V...eI....cLJL....s..B.C )....i.I.4..u....9$)..=Qs/^^&.rA.`...{.?.M..7$pI.@.....0.;..*m....^T..g...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):77536
                                                                                    Entropy (8bit):7.997640350714366
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:9uDRubzu7i1SWqZG6knu2hhSw8L3pnUEPUTKbE4UmqhDC/8Xy:9uDRunu7i1SW6OzQ3F1MTsUmqhc9
                                                                                    MD5:FBF26E2BB945CC326A6F80C45ECA9342
                                                                                    SHA1:62A2322EC1EB2EE9C6018FC7F225FB331B95DF8F
                                                                                    SHA-256:3EB681985FE6F0373D75A4CF4C0618FD5B15E0146EC3F0E1B255A55436A05147
                                                                                    SHA-512:863D72E7EAE4E02DC5890B485A1DE91E756F05D01757C31490245EC253CE6E5D1357131718D7960BB71A521086400EC9A04502FDE0E0E7AB28155EE03E864B14
                                                                                    Malicious:true
                                                                                    Preview:_......{..u..G./Ah.}.3...d-.w..Y..".o\.].^0...#.8q."D.J.P..q.....a..M..[.(.1;mWK-F........O5..l+..^.............b.P%/....EQ.:....n.......k-].q.,Cr..8.Y.'=6.M..&.M...*.#..b......n}%..Xt..a....Y.../.G.W..0y..Q.f....U2D;X...@..&.pZ.+5.QI.YZ.C[,r.!.....=.*r].4"...[.$.....Y.`WO...Q...8.{HC.c..ihS..Q...F{.....j*.9.. ...)...-,......i.).u)..p...u...x.~[`.........".DQ..V.V.;..F.....O...xif.r.../.@+...C......<..G..Cs..._.Y..K..n.>F...a.A..n.....Z.....k..C.h,.(...&.....*S.r..&.%.Q.,,.W.h......$H...{i....%.[...k.T..N.E...?V..<...P...y.K...,M....{...".Q-..c...M^..L...ix..S.]........X........do%...8...(.........n.i..C..'+.r..gZ4L.....e......0...%|xM$..b>..Z.1~..r*T.B$.W@)'.@.(Xe.....`U6.J...XKi.>w..o "9<.6.-B.~.q..C.SG.+4.0..#0.E........8..p./.......Y._H..z..].......{...u.S\oY.6.Jj.........S.......q3x.U..A..s.I1....:...8......3@.......9.'.e..m....;.O|....\...{.)..6...P.d.>.....D.U.Op1...~/`...w......$S.p.8V./_.lD+...|..1=......cb....z....R,...e.qY!.:..2J

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):291872
                                                                                    Entropy (8bit):7.999260079265824
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:LuAfD1CqISqgsS0ncs3plvg/V8efyik8z91xciK6RICtOElT:Lu+D1CvgsnvKfFzJKUN4ElT
                                                                                    MD5:E29EFAFFFCFCE50778CE03C27AC4B3E1
                                                                                    SHA1:DB36C93002447BCC8DA05A5F8405EF764CBD66F2
                                                                                    SHA-256:588B8B78F9F998B2593AFEFC187AC4671DE2EEE634CEF8B2AD27BEAD3BBF30D8
                                                                                    SHA-512:2349B62E6F892A592951C64899E484F3164A87EF035E3BD70CEB5D23B052472F1C842BA9176E24B2E89681D68FE334FCF801EF0CB6D7D0D7CBE5CA45300DE32E
                                                                                    Malicious:true
                                                                                    Preview:X7.,5....F.4...b.Ph.[....V/.A.......>\..O.q,B...@.Wg=,..>..NaJ.A..EaC@..(...)O.....L....u^}..eH..7..VtCK0.B.Q..Q$.gO...?W....?|$@8.l.LBw8..(.......3.\..d5.-.......F.....l.3K.(.u.....|kA......m...id.}F.v......B.h.j.jv.....[b gVX.#...`....Y.QX.v.g.&*a..{1....N:v..b........q...&9o..i.&D..0.....wl_..a.!C..sC.%.iG...#........:.....8..j...(w..B..[...}.......k.........|3..h..o$.5...m.@.>Q..7......dX.L.....z..W}A_.a.2+..D.a....R9.b7\...6R...%..";.T)N:.".V.Tu>...4o....C.Z.D."..8..........3.b.t87.b...u.7.>.}]..X...o&.=..*=I..\.nL2.C.!...g.;...x."..t..........o... .R.2KW.x.\>..Z.....^}.0D...[..T..[.'.T....y..^.........''.D.h.W..C..G(..P..f#..%...y....n0....f.E....q.E..]D.....j3.z...........MM.`X.m5n....... .}.?|;.x.u_).xo..@&I..D. ..........%..x.....8.R(...{..J.n.;0.U.....t..?.5)h'sE./tV..........f.b4r..{.eB3...0....g/bG..|..."-D.....=5....O....M&.rR.,.c!.....>^.3\.?.;`Q.#_*qQ.8...DIJ%gA.....sa...`3P.S.../.x..W..l.2.j.xO.u)..Y.A_.0z....cu5(..M0...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):272096
                                                                                    Entropy (8bit):7.999373756480357
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:P3UtotJ1m9+sOM9XjKSF/Go/kdBQYdNGg8LTq8FgjKNS9rfkKle1Z:PyeTe9uSdGSkAYSXRS9kKQr
                                                                                    MD5:0580BC1FA9C6FD463C48D54A5B23F832
                                                                                    SHA1:D7A08FD4CC5900D63B05E6E3F925C7417807AEAA
                                                                                    SHA-256:5E8FA3C605983C2CDD515037B8B3C39B86948BD5740B37F75BEBFD149167E94B
                                                                                    SHA-512:6FF3C9F2B94F161F0895DB0229613F29BE284B6C9A8C5C00DBC190BCC6D38F6FAA3304BA0FD3DA7E08F5467CE046488141B0CD70A51B81A35821BAB2E955A3CD
                                                                                    Malicious:true
                                                                                    Preview:.!.N..A1..2...<t...{.E\.GLpqA..brk..w.....7-...n...._.2..K{.j[T..U...S..5..g.l...\Z.qE.[..4.I..u.[EwL7?h..?.;.7...p.....r.q#R3X.-..L 2.&.Q'@ij.Y.el../z..........(..d.".pTd.Q..%M..c..,..../.f.z..a..=.Y.f.....t@...Qb....w.....s./.....T.u.T..|f...Qg........ .....)lo#.Z...4...t'H.........B.?9H.E..F>...*.MK...u.....R.(.^.a.Z...>%z!..k..fF}!.D.k-..-...5..9Xr.Y..zy. ..pA..>+..v,v.'..L<.3.E2}.W.O.s.Y...O/j.*...v.'>....s0.s....?...-v...t..u...3.....L?..%..O.."........".*..^G...n...Y.+.O.$..u.b..'..U......)..p..78|T&..:.|..ao.L.dMf...........Bl. ...fs....2l..2.&4F.._>.:-.8U...2.?.7...'.Kp*uf.>..k.]x...9.4......0C_....U.)..:$..`;..-.2..s#.X.0.o......,a.........Gg#.<][xY.+....._..m..~.\I......_4... ".P.%.C.R.._B..i..A.^&j.J...........k.hmY....6./.."qw..Q..._Tv.}....G.......46C._..6...../(.I...Vu.W...d1....Yz.6Ls....."m3..._......x....Flr.Ez...JWA...~3.I..W.D..S5Z.b..r.IM.ze.z[.p..*I.....MR..ph^./!:o..T.....Y.XD..rZ.1.<.....Q.ih.........'l..S.e.p.?.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):86736
                                                                                    Entropy (8bit):7.997780582137122
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:NIzerjDxIiXTZVb/9wFTvjJ6rOwIuyFbhEll4B+lq3ayF/sCnjirBOia8:+zeDOiXTZh/uFTmds1EdwZhsCj6BOj8
                                                                                    MD5:01D60F55EEE4F4834468CB247BD57C80
                                                                                    SHA1:86E868810FF47E298FEE54FB2096DD6DEBB13598
                                                                                    SHA-256:DF08FF6A5B6A6F2D3BA387F0A47B625F8F80C629007468E33962984E667DF3BF
                                                                                    SHA-512:6A635A3841CC1F3B96C7D8498A0848E7FFD50754A421A719E1448DF5D050550CDB59276991F9B4761B93762BBAAE76981D8251D9E58B7A8972BA18CA685C4DB0
                                                                                    Malicious:true
                                                                                    Preview:q..Q..e..oP.~.......$.s.!|.3....11.N....*.L.@.OW..L.:........<.p...e.{.....`"b+........}./RL-..m.7..x.R.>s.I.J....O..H.V6j.wY]?.M....N.J@....V...[.W.4.S.3....3s:%e.S........<8n..qz..Q...;b0.N..5AD.....W.5c..?fu...`..&._B.R.cD.SaNVqa..z.G9...6D..%....#.z...L..0[.Jp..bR4..F..%.i..+~..v.R...b.....m...m#%.....d...mYV...:.m.)wQ..#....O.._\&....B..7..%.l.3....F_...l.,..b.W.S.....W.KS.X?....B....{.....;.7.%..Q..T..u...d.._Dm...TVo.T.sB..J..l.-...a9Z....E..Or8.qR,p..&.W...R..[PBa..U.. //..;...9+...V..)Mc..].<.u=.G.... ..ua...Z._...D4.Q,L.E.V.%.......v2Ne".NW]M.$..:.^..|.m[`P..4..r...........b..^..m.._.=<.A.J....w.tO!P..M.-9@....s.....g.ki.9Zw.SQ....z.U1....%^....j+..F].x[..b..>.G..g.M. 7..T.5..1..3...9..n.`,!..U't>q......T....~<.=.&.JIQ..9....V.8.%?..6...}..'v..(..y.[.......&.p.......Z.|.8.m.3.6....&>.|fV.........]....?....Z.i.e.0..+........x.*J p.O.Z..+.{...B.......$.5..S&...bG\T.W....PeF..y....M...5.s.<.$....2..=.."M<BEw..+.}C2....<_[.l0..IG.S.k.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):217648
                                                                                    Entropy (8bit):7.999115258930613
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:Jupw0VZzOftpG59zLHvZD5Phae7ZdDFYsqK+PyaN9KWR:JW/1OTgVLHJfaeN1isqLN4WR
                                                                                    MD5:EDDC0697E2EBC3142CD724AEE810D2B8
                                                                                    SHA1:449A298A71AC26E4771AE9F300065971A0568AFA
                                                                                    SHA-256:0600B21D9E3F223CE287921F8CAC27A78DFA61F0E602BA06DE96CB1CBED42C1A
                                                                                    SHA-512:EC2D2B1203E6468C831171E1B56CB1C73C92932C081D26081C06CB0FF7B5FA1DAE45876D7895216BA1CF0C51CA15225C4624E6D5E6D7A81DC2332A375524660F
                                                                                    Malicious:true
                                                                                    Preview:..+.r.cBQ.8kY.ox..y.n..bEo.'....X....e.m.._.\T..L.,...gt.....)5..H$Q.:....Wmk.y9...:.%.v..$z..~.....M#......H.0...c.'..>...h=.;.Mi.._u....E./....g.,....MB.......C..{.6..b..g...b...*.e.....V,Q.Hg.2V./N.[.x.]Q..XOufV..S.E(..]<C!{..>\CE.U.`L.j]....v...'......6........6.,o`...T9R..K&.nf.U2x.Q=..k.{.\.......DT..9.......1.>q..t.Gkq..l..O..V.(..l.g.......q...@.@.$...B.t.-..([..aGy~"4S........4Y.>ts.\.R.+.f..@.x................hH.s0.i....,.V.n]o..r[..a.B..?..T..O.7+d......=.r)....s.@.t..r....b.8..^......Q..k....J$......'.I[.......C..p6}u.D.}J...).'.....I#F.,YYPY.O..Q..\.@...|.:X.=...U..6.s.2..ANFD3...I..kx.l.j.EJJ..[..m=..M.@'.'r..ma.C:*..p.DYS.86%...7.M..B&.........|S.....B..t..-&..3....T98x T....D.Q.e.......9.E$. ....w@..?.\...j.:.]^..@.......Bw...)41fDh..../....5.)AW..<.u.us.0Z...e.o.....Ny.'.&.....D.......r...}w.cw'.u.b.ch..F....T..2.Ik@.bb.+."[=l...3....."4.A./.'.Lh...:-.yo...9.sn...]/.~...t..;.Y..:....U...8......Y.Bh..Q........

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):404528
                                                                                    Entropy (8bit):7.999541285549896
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:DIGodUwcEPk9dyNU6ZXprUwrbECbUv8rBSf0D+RAz9qV/OQWDtFvy6KuxenHL7Ma:DUcEPk9dWxZZgQER8EFRG0QZl9sHPoo
                                                                                    MD5:6E5DDB00F25AF16F4502CCAFFCD25036
                                                                                    SHA1:4467A84D79FE2DAD28B4D02A8688B0E8E3CF158F
                                                                                    SHA-256:6435DB8166A52FB8C13C496644B88B6A2A97E50018837E3FE2F2AB20C8331E0B
                                                                                    SHA-512:0337AC765868BD1F739DFF9F87A254413645686EED748B3AD44F8514F7746C248611B4AF662DEFFA82CF38AC98080F4891B3F100085F0C40AF3381E106D03DBC
                                                                                    Malicious:true
                                                                                    Preview:,..vpT.r....{..`Z<...c-..=9:.....Gr...d.......fF.B.)S:.`.....4Y.U=S@L.2k.....=..9A.+j.jKs5?O.e.p1p....)S2..T.J%f......m...C.u....Sw..o..Y.#....U.....^..P.e.fQ.PsQl.c.Es."...TMv...2_O.k.l.....8..[|.S."_...z.I..9...`.u3....A..|..Y..K..........B....S.g....(.-..XK.a,0{.)..xVX....6..<.B.'{v4....E.|......!HG4;m$.k.:....'......'_BW..mE...P'6C..&..t..~..%...,..0....0..;r`...~.A....,..0.;~...!.e.z.ya?-DI.q.......(....".B%.iC..gy.\]7....1B/.<.~.H...3...9.8.b.w..l..Q...z.......j.?.....UV..N....6..p.s'..^....'...D..,ho.rl.9`s.j?}&?..../.c....G./...F8.Ms.E.^.w..n...h.\>.q o.b.$.h.J...Z...A1..rgK.|.$}..*.\.R...D<..$1........?s,".....5......R>...h.0.Q1<..0....j..U.......u1.,...G.............z..j[.,D.2. .MB.viU....L..,...c...[..g.......=.(..b...2....<*..`'+.G.`.N..U...oP...r..E./W.<?zS..........[if.B........Q{1\}.....,..E..TkB.s...F. 8R..s...Y@.#..s.. ,.r.#.f......S...4....![....UH~.%......Z4 .K..L...\...o.#&...Bmtw...r...(.A....b....X..tv.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:SysEx File - AdamsSmith
                                                                                    Category:dropped
                                                                                    Size (bytes):379952
                                                                                    Entropy (8bit):7.999458548408107
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:Y9H+NP+nJexxmNcXF/j20zkez7QVo1632u8soPcggNDioQPhW9gmzJzKPRH/3Fw:Q/kV1j20zkm7QVoq9iNcDAp8goKPR/Fw
                                                                                    MD5:DEC13076FDD05B065970B560F92CCE8D
                                                                                    SHA1:2A6E21BE2E9295C98086B9AB0E75E7CDBE1E8E24
                                                                                    SHA-256:F138BF0669956B8CA1782AFA2FC15583BA349354411A210DED13E4A87F82ED38
                                                                                    SHA-512:3F9D56F89381BE05C0D2BC618A070BBE33FC66D0F8B4A89A8FE075C44BA259382B6C5DA8F1C1BD1993631B29277D7E0B0E08F9D3551F92962499CE68FB95C15F
                                                                                    Malicious:true
                                                                                    Preview:.......$...rc...EYM.|....L.......}mA...?j....%s..x..%.......HE2.. .N...F....[&[W4%/lO,....A.SVy.U..)..;n.L.*..............<A.;.REx.m-..}...H.....N...W..U.d....?s.1....K.D..4..C=..r;...0.oFR..N..3....M..p...........SDV.....Z.T..gYO.?...U]........<.qI............v..:..{K.Y.o.[..N|.!..c..B...L3...k....k..}.......54gg.)...3t|....... 2..^.([...L.^..]..#..$...<.)..14?...Qa....CC...F.j....K.jB.....\v.b.......T...hU.i...........Q......^......0V.........Dt........y.<5.R.ug.9s..m....Y#3..Y.....xM(.F.&.ATC..6.|.(.\.rw..g1.]..5.n.. oQ.u.K..Fb....}.}=M..fo.b*J......0.....O.o..o.]..Y)..I=k..B..........S...='.k.}ym.4r.v......i....C~0.CU.>..j.+..wG#..5s].._~.DQ..m.._j..Y..G.pyr..O1..G......F.p....s.g...Oi.X.ZdVT.1.h;...|xSj.....@t..BqC..%..._.Q'&$.[w......h+|g.Y.F.tU.j.9.\.c.PK..Oi....o..(..ZY..x)m......Z3....(<.y.5eI..pb.nE+...@. ]..|...%.q..q..Bi....S.Ci...VH.G...7. .8A..'..Y....1.5......5.=.$..D/..Qni.t.M2..y.e].1..Nv..j.V.....G2#.........E/v~...ZN.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):504368
                                                                                    Entropy (8bit):7.999570374063169
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:f+ubS4TNs6N8ItU2qMslHA7RZKAryApSpVPIEys/zGGq0/1UkybdMRN3tjvyemDW:O+NfUvlg/sAcFIpGj/R+MRTB2dEIuI2
                                                                                    MD5:0962B288C8B3166105445ABDD91C6073
                                                                                    SHA1:79C3DA7B3C1B5068D1B12158A29E1CCBCE0BF0D9
                                                                                    SHA-256:82B6D74210452078B42D42D444D800B0566802CEFE076B30115B40CFB44B9067
                                                                                    SHA-512:7FD15EDD0520D52231D3B08CBD48BAD04DBABE92D9DA4EECD17190886506D5BE88B8CBCA9353114BC6D1A9649110A9CE66D9CCD72F2C475A06FE67A9CAA69DB8
                                                                                    Malicious:true
                                                                                    Preview:......o...% (y...d.~......C.Z..A7..L+.....y3ZMr.J..f..)....+.y..0..JV..H...a..D.<n...g.N+h....W..9..o./..u5>$.4X...LHH.........$%.....]e.........4z.&s....~Z7e..B..D......(.k..kt.....C..V.u.9.$K...peY..E....^W.8..........6[f.0c....#QT>Y$L. .h.V.!.....[..~.j.....R....=Y'.......L..7{t..G....q.....$..D6(.)....\......8."`6R..?.;....|f...J..<..~.{......Z<......68...v..f...P..'J...`.*..BuoD.=...du5...b......#....v..s...........u9%?..PiP.4Rl.....P...........=.h...A.......Ixx8...... .3E.t...7.g..9.e..@..,.b7..u1...G.%......?...../@..p.N...d..KAB...P..W..........f..q..x...N..`0*'vF;c..1y......{...M...H.{..g........W.;.....H~FV..2.+e.^..,<...>...e.F^.X...+.?.Xi..7.K..........T.9.....^....w.1K.^.<./.......G?F.4\5...).#...o..=..;..(..Y.......15....0i{ .($...w.......v.h..z.x....6h.2q..)C.{M..=...A...'.....ek.'F..[.S]."T.m_9..9/..z.i.0.ni..[.%..P...Y.f.+l.efl.l...K....F.nh:..t..u..-..'$).3..iVJ..V....h.6u....9....HD..ib.......B.-!.r.XTs>

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):218672
                                                                                    Entropy (8bit):7.999274507690439
                                                                                    Encrypted:true
                                                                                    SSDEEP:6144:xaa12s3aTO8bHeUuWNSBIGO0M7tJRJu8ER1JJi2WJQLu:xaa12s3aTpbHeJOWMpsHJiQLu
                                                                                    MD5:E2D76E88166EE842EC3A5690532D962E
                                                                                    SHA1:6D8FC28D365D07CDD8067186E291FE97E3D8CD4E
                                                                                    SHA-256:52383112774CB8B421803612E0A8FF1356FE50D309BD034B5CC40AAAE1BC3222
                                                                                    SHA-512:28969656786AAF77217D62BF4E76FA8F4706FC17FD0C4433403D24333B26CDD3E16F3CEC1C6E7734AD298E1F20748F13AFA9DBEDE3C063BCFB5BF7A236885FAA
                                                                                    Malicious:true
                                                                                    Preview:t..]/J8.d/.iya@^ ].+.T..!...mc...3./..p....R..3`'g+ziNGP.U..X..c...........X..}.S.8....:%.\..KO.......u:...>.mH......a./.V.e..._...6.....u=...j..b.Z=h..<P.....f*.....b..%.q...'...Y.|..;m.jTvnGA.rt..8n.:....YO.j..i...o.{.._J.sM.jXz...N..J.....9\.w"...%.Gd.YE....Q&N".t.$....d.u.-.+.....s..._..*..a..QN.f>......qT@..s}}..l.%qH8.s.8.z..._....C.0.Tq.....J9z".....[.e...#..vO....N.KULp..bZ/..7/gz...n....<..w..T}.z...W._p......yL..1.T.`.... @.......n..)tE..X..*$s.4.?...OY.a./..K....7(\l.0D.'3..)...J./j.)..@{.w.\.....&.."..*....{....D"..1.Pq=9V8.I.}9..T.2....A.....V..!.zv....z...U...w.m9.l^...dJ6....|.$.O..=..i......LR.........%.@F..E....#.-..p....4...m.J.."...7h..B.D.x..L.a,...y.y....mA:....DB.9....8_.L...]Yf.....j.#.{..v....9.;...?c.. .4...G^..Q...........x\....e.`*s<..k. ...z`..&..#K>..$4..a.0..=.Vn....d_F.`n3dRh^.....0.. ....1]..rX9...#....x..X8R..}E......<.}{..&H............j.v.?N^.J.....:....ut....ja..H..q..>g.Hk3.I7.7D..y......7.H..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2976
                                                                                    Entropy (8bit):7.9368138608527286
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:TckAqHWbggesK2YVNYqn2kOYgwPZ520RCkzR4lP0Uc+nfoo930XbNg4+m04rwajZ:TckNr2K2aNXIwPZ520Rdl4R0unQox05T
                                                                                    MD5:191128654A268DFD7D4E9D4F7AA95C09
                                                                                    SHA1:9316752954FD88FE0F3BCA02D6702BC5D97A7CE1
                                                                                    SHA-256:D940907DB25EB419E3E7DFFA7D01305945A34F3F6D2BC60BE994AF47F3783236
                                                                                    SHA-512:1A0D109C620EEEB0F674E6DB925EC5D637E376E76E6F93FEE39FCF16F2D02E367ED881B99AFC88AB8415E000BA8F8C6A1CB84211B0D5B7740A88AAABD9BEDBB3
                                                                                    Malicious:false
                                                                                    Preview:...I.9=..D....|.,).V.B....DkY.....M..YMC@.A......Fk~.(n...d;.i^X..........[.^.E..;v... ...C.S`.....e=q......80.t..O..........4.'cw.R.n...H...........`..[5....o.w..Fk....Q..T.z?c..^....9h.\.lm.}..N...F.D"V.1C^#..@...y".|y.[..4&p>.aoH.%4...a.....MPJ...j....W....RI*^V......i/5_I.|.cO.'i.-.yd..(\..Z&.c..8.,f,..m.....+%...*..Cy.../4.W..qZwh81G.g..U1...l.fgsU.._-._...}.......-od...8..xQ...........~...:....|..il[@...3{..p..ByLu.n2.i...........eD.4$V<..zgd....F....[{..\..Utm.~..m...H..n2........[..;.....4......z~..lu..*....Z.!.1.o:&.......9[.AH.N..~.<.m.\..V....p+.>.$......b.........q.0gg..Bt.y4...j..mIn....I..7$u...w.RT...#(.U.\u~'c....d"..Or.0A.p.)....T..$.....y<4.W.d.6..v..H.4j..`M.+....Y..lfw%.!...........#.E....D.B.B.ctD.j....Z:.......... o+..d.... ...e.c.....?..D0..6~..F:...$U.@...p...0.......pT.T.R.0.~....52....9..s.qHKj..]..t......i....)...2)....US..HR|..VqZ[..N....7ec....A.q..(../......o)q..1<.OO9'..\...o....y..Fi..)|.Rrf)!.T..4.8..)."...

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):12336
                                                                                    Entropy (8bit):7.985741064996214
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:adoBXZPzA8hsGI0UJdzrAv0rqcoFsgJ1FZu+i4pgGbhFVF+7k5gbDPGI:iqJPONJdv7rsbJXpfhFru/DPt
                                                                                    MD5:6C2EF575DD340BEFCEA7B925CD588A3E
                                                                                    SHA1:664895B62C7910E4E493E7567622ACFD1DA5ADFE
                                                                                    SHA-256:26D6F5D689D95A863D78002CCC9BD47CCA20039B1C85FF5A944FE27D25A295A3
                                                                                    SHA-512:C287608B12F7FC157AA59F9BD4DE0B49D5DC19B6A76E505E879431E26E7E543374DE0791B8F99E26026B4145007AC3EADC527925E5CD0DFD83270A0F5419F120
                                                                                    Malicious:false
                                                                                    Preview:".....$~.lT1.r.w..|@..&.VT..x6..tc....=..Z..1....80Y..S...ej...._.+............Y...guci.'..,...n..3..enx.......4....('........Hg......wg_..g.]..C..8l...........}....C`..w..F.T1....;...s.^...i4nS...1...s7...u....&Be..16.E.9.0...6<...2 p......a..h..2..iE5._!....T..&...'.&..fx....7...C..{cU.v.^b..ou.\..ee..._..2..|..vg..pi&.tz..c..r...6%.._6M7e.;.....e. O!j|V.4.....s....:..zz.. ]...<.@`..?.-...(..#.".....dw.M. .@/.):}..Wq..k.)...+._.....f.D=..`c.8.....R.....?5..aqiQ....'.....;.$H..N..@t.....>........T...y]V!...N..r.n.*.[w.F.B=..g..1.'xe..........H.*...L....8..gr.8...4) ;..T..JN.....fc0Xp"."..nHf;...Wn.....Ri.%...QH..W.b4..j... F..GO....hT....`.....D;d.Y..\8o..5t...xr....R.........,.o..iZ....5....c;...F....Ah..;....n.Q.9h...)\......fh....y........h.!.04....pW.F%.s.....oS.dZ.>.0L._..............\&..A.,z....%#.u2....'/....[..4.<.G...,..s.4Q.a.:3M..r1s....(...@.O..$maq....P....3..]...*..<N}...m..."...0...B5..|..?...c.ii!.F..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1227808
                                                                                    Entropy (8bit):7.99985766834724
                                                                                    Encrypted:true
                                                                                    SSDEEP:24576:5GN19vw6QFtsB5XYZ1SmWrYXRp77c02LDpMN5qqUhc1nSZc+imDKVenwOKH:5E9o9t25XY/4Yn77F2LDpBqhwLwt
                                                                                    MD5:B88E7BE10909A25DFE068788D315C1CD
                                                                                    SHA1:F3B6F9181E65FC30A9D5FBD5C6F2D9F7770FFB94
                                                                                    SHA-256:E5E7A3204D4F77637EE7F2E77C22AC97FB0253CD050986DF3D9BCB7A15E319F3
                                                                                    SHA-512:B5CEC8B584DEC07F331DC5B1218AEB1DBA62F19C541357757457ABE0B2DC5DDBF200FE9A281852B2D8F2C4CAA2F2EB1E148917B2D7447BA4ABC35BD0F4A3F0A2
                                                                                    Malicious:true
                                                                                    Preview:s..]G..O.........3El..".c.(...t.=.(...T.84a........C.+m.EB(;.V]..6xh.o...u|.'.L7..[ej.Qn...i..4BI.`....cA..'L3{...9-....|S...A..i..,..Q.|..I.%_.O.C...M.n.X?..#Y..g.l.]CR......../......?.X..F.+...^...>...y*L.....+ .A.e..o8P......r..4..]..w.d. k.m7RB%..N].j..@.....V.R.-zg.*..W./!.....n........C.p....;g........=w.m.].....m.......\.I/0......v.d....Zd:X<.s\......c.).A.k..F.C&>Y%..6.....E.b.y..lD...........3.8..t(U...3...t......V.....T.._.....cJ.WcN.B.."...T.Dt.&...O:.9.1.~.~..y..Q..V._7..U+4@,......S...$......*..:.g.T...<......\..M.@..I.....C...m.....S.v......x.AS...2?d.K.].q<....i..~............~.....f.lC..Hp..0.2.....&.=.Nc,.T.Xz.{.g....K.mz.[.#9....=.}W..$..Nar..7.6...wC.8...&L.9..d....g.r.y...Zx..$J.5......d.L.. h}........T.}Jmz.9.K..GI..8....N.5A._YP..x.7#8.c....t.t3..s.Y...P.....[...A....q..&n...D2......DC...sa....c.B].N......M.".....n....}..q.x.S.z...;..C..6..d...Sy......Yw. .+;u.k.m.f^..._.$. .c...y..{......Q....BP.'..-]s...T.V.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):12336
                                                                                    Entropy (8bit):7.983707733343076
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:uHqL2k5R5DGdYYgvVp73i1iGmyrNYlBSnEDbQ3WX686dYMmeriqfy/yaM4N1NRhN:uHmlMlgvPsiOeBSnn3M68ImOa//1pl
                                                                                    MD5:C3D9CE74E468C4733D7E018E12EE19AE
                                                                                    SHA1:8967A34274D0DA1A426ECF64EDCF5523BAC48FCE
                                                                                    SHA-256:EFD88F25DAC5A07F6A010E742091F54B4C3F5BA305E83DE7109CE20115523FB5
                                                                                    SHA-512:AA6EAB731F78B2B6E0C569D799CF67776F1A1B4871EE10E4B3A68154A09AAB866F89BACE13D6502C818FB208FAABCF2E05CD580778BB5318C7161A712610190E
                                                                                    Malicious:false
                                                                                    Preview:_+c@..Gt:h.o......p...X.=%.....akR..=.+......P.......D*.xh?J!..........:E...O.g@.v)J.y.4.......e.l.K.$G.9=.Q...Z....z"..."?.Tl.Z.l....#.R....V...7E.I...np...I<H............";......S.#}<p...i.:g.+..g..z..5..]v....-./#..{u.@.d._..P.CG.p/.R=U]O.`.!.G..hy.Q....!g[?.......zf.5SA...9.....iF....S0@O..u2.........7..L2...P.....V.>..".../....!...J}..wJ.........Zs.Yh..3.s..J...."+s.r\B....!..>..b..).-.l.l....W.m).a.h.........!.......i5s.9uQ.).nQ..x..c......?..I....].P.......I2..8~..&..7.U.:...,.n.FB?.B1 V..3.I....H...P.<.A.....|!.....p.r-..z...*.x..u..NkH.m<.....{."..)...1..'rJ.D.g.....*a.....D.{'..p}O.*..~@.(D...z......OY..^.l.8#H%.5.,...K,)......DuP.N...4..;..C.?.nY...i....S.....G.K........^.%.!.6<P..G...q.`)...d.%.cZ.aG..[...R.........V=Y....?;...]N...7.S............^...h..X$#..F1..L*.....]VY.~..2.3...L)/{ 'N......V.m\$.....W....V..!Qhnh...O.|.$H.gm..._CK...6.@.l5.8...0.G..o6.Zk.-.%..O.c.A.v`...u..\9"R7.Kn.UX6.b......$.UW4.U.K.............H'.-..

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):9605152
                                                                                    Entropy (8bit):7.999981388136172
                                                                                    Encrypted:true
                                                                                    SSDEEP:196608:nzwiC8aMmG9xxqKbxVal6yvTbqkhAStr4bNY4aDjtHksPJmuj+XG:zlpRi6yBySl4ph+PPAuj+W
                                                                                    MD5:F7A4E4589C4A9CDF61E1A4E4B41546C2
                                                                                    SHA1:771FDE37FE4CF04444943BFC951EEC2115083249
                                                                                    SHA-256:E32908E4E3C45770491EF2157CA89BC22D76C6BAA67773C105F192C227ED4C34
                                                                                    SHA-512:886A81400D2267569ADA0311F1CD9CE00311DF25E19A1F63B61B66640DB9479F5F216F5B3C8819D7A4692E2BC8C1C2197F5793929AA351973904EA453CC3ACBC
                                                                                    Malicious:true
                                                                                    Preview:....g.|9.4Y..E]j.......V.3j..H.A..Y...#a..Sv.#q..+!.}..e.j/2M. ..[..k....'.m.h!....I..Z.`.x...).Fg.3Lo.S..M5....o.....Z{.[}|......v^.JH..].,......>.......%.B,Ah........<....JP...R.].s.QZ.m.xH..39..twF..!.j...(o..l..g..D..f...o.R..o..'.....M....=.nE..E.s..\.}>...r..D.#.`.[{..|.O.W..I..1z!U.O.>...kp..'m2.;...^.q...x..&`.Gk\..............Ux.\.}.R.....6Q0..g.....b..U. ..R.X.{.}+.......%.q....e`..!K.h...l1.......~...[....&{..n..y..rl.....Z:.....k.b.....@X....Z......w..t....1..F...Tx....G3....}..a}......r_a+.Z.!j{-....D.t......S.g..... @.a.,..X\a[......qB.)...........-9....>...v0"...gxbs...7.Pg.)U..|x...w..?. ...a.......4..V..9.._.g.q`.b..4..L6..........,.... .....O.a.1.....`Ps..+....I.#EMc.Q.'&..tf4;..0L....n.E7..Y.......pB.E[*.U...%6..*....N..y....8...o.^.J..`zx...p.|.....pA.../a{E..q.)4.go.....wR9.LBh....#.......Fd.E...i..7.....($.X8T.1}N]mI.hb.`..:...3..<4..P.9~S..........;..e..e..c....O............~...x..j._........x.....

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):401536
                                                                                    Entropy (8bit):7.999551577669512
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:vCmjtMrjkj5070aYlX7wyAfvxuRGppUuvHm:v6PUM27wyDUKuvHm
                                                                                    MD5:C7D99A845F6CD79D442AE7143BC8BEC4
                                                                                    SHA1:EF749DC6496A31226AD5BFDA2D4617F2C909B6DC
                                                                                    SHA-256:3CDA759972CCE8A37D0BF9218EEEC76CF88C9AF44CC70BD217CF5C302BF8D97B
                                                                                    SHA-512:E9AC1CFAE43EA4B760A5CF695BF1A56E380AF5B2DDFF8DAE6A5A75A852BED03BFFB2A29B3CF28D7726BBE13B4AE436CA56D00A54026F087FF414476D77F09EB9
                                                                                    Malicious:true
                                                                                    Preview:.%.....xZ....@.6o....s%....._O.....(>k..:.4A....R..r...fu.8....@g......O.........,3u.q.- ..+..1p...G..mK..`J3k .. k..pN.$\.....k.......?.PX.a.G..Dn..4.3....Y...0UX!.H?..n....q........)........W_e.....Z...=...H.Fj2C....uh>....6.r?..4..{...x3Z.[.@4I...3\..;_.!l..(..]5Z...X.T....#...%.M.....UP..&.sy.....-g.bp..Ty..-I+.|....9gr.s..8d..]s.)C...)$..%.xP.B...J.j.E..twMw(....A.oq.....3z..G.0...-r!...e7.9v..\..D.;LY.j.e.Y.3?.Bi..R....p........v.=c..O.....u.. ....#.......0...Qn.{UM....Z.*....[...z.%J.].k.=].^N.Y...(74.)..f.-T....B...@hg.fvG}.*..0s..."y*..wA..D.e.4$sB-X49..R....&h8d...dO...{0}...Q{K..e...(S.@.~2..JP.~=....Y..@_$={.f?.....,...JB..?Z_..c.z...1...Krj.3._z..ud\......0*..+9..|.!`.......G.`._.-..$D.+".>{..L......M.F....E.G.......c..2...n..XK..x.Uj.w....}+.8.D..8...T....N..k...E.......rZ>/J..e....fI..~...i.7.x.6^."8....p..ND.>kRo<.u...nU..-.Z._...7../A..Cfi...q.J...0.F=[.K}'X..WI.0.^.s.Y....M..wI..&E.....W8tu74...h..s4 ....3;.@..Z...-

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1478352
                                                                                    Entropy (8bit):7.999879744320588
                                                                                    Encrypted:true
                                                                                    SSDEEP:24576:AfpdxSJt0EaRVR6x4LK+lthBsKhjmrsx9P1/t7c7Ma8/4qbywbHHjTzR47PaNewE:ABE0v3gQ/lthBsKRmri9V771tbjTzK7P
                                                                                    MD5:43B8F41AE03CC4B54B593377A63F03B0
                                                                                    SHA1:BA91E64C62C15192387FACD1B553E49613892E8A
                                                                                    SHA-256:992C63AF037682DED998307714AA943F413F08617DA57A3093297D5D1A8DEE35
                                                                                    SHA-512:C348DE6CEF8ECFF8622B392B4A919847E561E7685FF2943EEC5D63512039CCF8ED36D6FA70B6AB0B39E3AB8EDBAFFEE3395BA6026809C8CD3CF264B877063748
                                                                                    Malicious:true
                                                                                    Preview:.e..r@./.......a]..}])9.9..B.a..;..f.o...n.L.L..........,...$/.4...e...!...go3.L....C3.gbF0.1l.!N...$=..q..lZ$ pF.HT...V[K..D.(...e.bi...=<Ad.y...R...e.;>j..e/D....J>0.UI....t..#.p..{......h.....#J..K.c...|,..>.....O.F..~. .......':B+B.=3<.;1Ql.I.s960.W.Mo.....!x...e....D..I....<.....8v:.,<:e...#....6....h....e..~$..t.x...[..YG...H..~?y.=.*...ms..}..k^...*e...e..8........Vx...@.uW........q.....\[...^x.].j..Y..,..h.,NI5D.w..J..7B..rF*..9X..[9...m.t.{.1.\.n..1.-.C...gx..}....<.[g.....M.n.....C..+.N ..,.{Y.....'...&.g..........]k........K...mq......a.D6.m4?..T....(+w.9l.....+.@.dw..$rE..$4...{..W..L.88.:kLLk.#..V\Wv..Z....b..'Q....v...JK...................Q.i.....6.#.z.D...@.P..... ..?O.T../.....t.s..[XG..../..^s`...".#b.....>..R..Gd.s9..d.....`......../.b.;).A.?....3M...{...au.....%.%~....2....,V."9i....5.>....F1..c...O..?..[..pTrG.86/0...U.H.Z,.E.3W..G8.Y.....o....s..y........>p.z...hV..n......9..AzJO4#.K.7..)1.+.2*....[.py@....~S..`...a...I.W

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pmd.cer.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):464
                                                                                    Entropy (8bit):7.63090530991747
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:GW7pjgnN/Fc9k1pVhOV8mXkNrYNFrwwSzFwmTFD0:Xkhek9NrYHsw010
                                                                                    MD5:0A60034F89F760004267A4BABFBDE859
                                                                                    SHA1:3AE4AAF1CF0D4DDA671774E000D0A5DAB0D20D74
                                                                                    SHA-256:04AFBF604F0DCC66EBE00AFB485333173274FAD47CF32F4B95BE75630D660F94
                                                                                    SHA-512:3B03C93B9510B54B516ADE4F3EAB8BDE73B41EA7E4BCD1031F564B88761008D062D3BDC21BD4D5785CFB7C24DDF14DADE99A48C5546F49B035236DE15D362BE8
                                                                                    Malicious:false
                                                                                    Preview:.Z....k.ub.'..E1.8.....C.l.......0..n..1.g.6#...l~.:D....,..P.O..U.....5?...x.....J...y...2.e.o#...T.O.J..;....8.B<r2y'.^n).\.:...|..IBt..4.t....p....q....r....;..S....@.....=i.7.4../..M...(....%Y......n...EQ...d...>........o....jj...Z.....9...OO'hp....Up.g.6.rib......'.|f.}3.#.sI...w..&..q.K....#.l"7(`n...EY....H\&....|........k...W..:.I...Z.n.-XL....F..v....J..$..ej...TY o....z*....ty.[...YQ...qO.Z......Z..E9P....*".S...9d......

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):53792
                                                                                    Entropy (8bit):7.996553392564756
                                                                                    Encrypted:true
                                                                                    SSDEEP:1536:lk5FiibYf3xAm080a1DlL65wwvPj5f0+K32rIchxV:qFOfx108VVlGww3jx1Ic1
                                                                                    MD5:68C1E8E2FDBAEEF2B6BD4FAD01350769
                                                                                    SHA1:8909B5513A6AA821C9351246273005E29E5367C9
                                                                                    SHA-256:8F15B9769F4D959463E9701683033AAF89B739C6FFBBF2C7B65C2BF2ED5AC80A
                                                                                    SHA-512:B0AFE2E2526863A64705D58B857E108DC9BC2A27B47330A5D8E4CFCE7C17F4517E0C3CE015EA06CDD4F88B10B421F6FAB718403F6FCBE94F755EE63820F7ECB8
                                                                                    Malicious:true
                                                                                    Preview:...7"5.2.7(U..W^.7L..-..}.,.9.....=UP[....oA........5.:.;(..SE.......].O.JL..P..../.v....k..I.Z.....tZ...(..k{....N.r..G%. m. y'LG.NF,..D...!...`Au....g4..r5..>.....(F9A.hO.!B.......b"....y..0&r.J.@<J....ARv....x*PN....@..0z.mY,.......x...l..Y.G.a *....Q.@..v...P.....#3jmI.S......i.q.D...y9t.]r%..j.....^.....FM^.>.CM..CTI..I..j"..p.m.d.Jk..R.;.T.(..ezU..p.o.F.....E.......`..3...xm...\.L.~R..&.B...Z..`...l..!.W.....Sp......r.P...9.2.'.A...E...M.....{..7._..H...i?k|/.........'&4........&<O.u....U...(.*.oP>..N....m.....J..o....}...?Skjg....iG.N.GAD..A....`.=...o..D..Nu:X.J[. }v;..r..^..*j".[...l.0.\........1....e..z....`].D.-.P.6..]..;....h..:t/*.K2.....P..J....8.y....sp..wrH.b.+1.k^.......X...b.P .;..........1....hsx*`.r....2<...C...[.J.F.4.v....(.Yl.....nr/...C.$.h...`....V.6#...WE..>....#@u.....?..*2.. .A.. &....d.......v*z..0.....u..S.|.fEleHC..g..!.l,....+z5H.....x..<.4@..'{..G.`..%....<s..|.I...S..l..I....Ku.(g}".{..Z.....^.0eD.YpI.

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\rt3d.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1761888
                                                                                    Entropy (8bit):7.9998881142835545
                                                                                    Encrypted:true
                                                                                    SSDEEP:49152:KgJVy57B5ESspS+FRgrZFZTpI9l8Np/EXRJcIBM/A4Y3VUeehWiXg:K8G95EAlTpI9lwIK/A4YheFw
                                                                                    MD5:88B3D1820713F503B97F41E6FD9ECCB8
                                                                                    SHA1:87D52FC59C19E9726226E85120D6C500C9CCC991
                                                                                    SHA-256:C85C0D4920321C53E8DE22B7B8C61CEA1D094B4D2F9B3ABB65148EBE8398639C
                                                                                    SHA-512:E255BC714E8BE444E87B143CA043004313BF7F37A939424A0217C645181B9E86C4671830335D1916C4AA036B34AC79D7CF6ADB5B8F187F4CAACCAF1E535F8736
                                                                                    Malicious:true
                                                                                    Preview:.3.i..I+. ..:...,s..J1.9.e,.....u.x..r.....-......'X.;a.. ..[..Y..X..DjN......3....~O.\..k...%...\..cS..Q. (...z...%5.r..8..]T.Z~..~..r.k.....M.....%.E0.c..n'.q.$..u..'{.....!./...k...<B|.`.*q...nC..@eq.I.4m...dW.w....[]...........yD...E.4...e.o..........G...&....}.c.z.[.t.s...d..........&t.........k$.u.J)...@.E....^.-N...s...h:..z......m..lG.Q.......W(....T.x...........F..M...-G..j..A.@.X~..0NI.u`........l'f..>.{..n@......TD....i.J'..G.}xJ...<6..0...TTJ..i...1x.YV".....0 WE...4...../..*..y.g....u....;b.....)..Y......(t.a.#>.....SG6...vk....B.5....g.g......2Qj?8}.5.5........fI..?_...0].n ..*..Eqy.Z.mYW.o..3.. .:......{.r....k.r..]g.4......Ol..X...LR..z.Y..K .Ay.....'....X.n........I<.-b..8...Ny.s..6s{JAp..1.Ky.........s.m..*...Z.~..l.....=....O.a......>...R...}.W.YqLK>p...'.j...e...z#2....t..k....5..2..x...-.Fdh...w8.g..aK.lX?]3!........-.bc],....[u......Y.]....0.\.YM...q.o"..T4!o.r.......L..:5.z.C..(..z@.MXk.^...)u*v..N.J....)....a.....i......J

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):439392
                                                                                    Entropy (8bit):7.999601153830116
                                                                                    Encrypted:true
                                                                                    SSDEEP:12288:iJfmsjd9fMZeEl1ESVFipqk8u26u8OBeCehP:iJf1MUy8qk8r69OBePP
                                                                                    MD5:91B4313C5173FA6BE0424CC942FB8464
                                                                                    SHA1:2D3F545647FDB333142B587C94710798C8CA2BD8
                                                                                    SHA-256:9F655396092F358CF20BD69FDAD09E7A3BFC4ECCD2A3D3BCA6F0C28D5D3F3CA8
                                                                                    SHA-512:1A739EC19BBF2558C4F4AD3F20797306A46F5ABF334F6DE6ECDCFF6554346C322141D839FE5888E51DAD6BA521085E4C415449313686355400D6454211F8CB58
                                                                                    Malicious:true
                                                                                    Preview:..4.}^SZ..qR[y......."`.l.)g%.$|.L...S.X...p.~E...(A..B........j.k.%.\....>\...`.;v.........)..NG.1..t..|......L75..Ri.s.I.<ES(...}s.=.x.{..*T.Sv.&].+..S....1..e2Db..B.#.5p.!.2.......?...3T...%...9.&_..=.M}.C..h.c8....6D,.o...-..`.hR.......~y.:.7.:..~P.i&SO..."...?'.n.uOw.|\..."[.Q5.e.5.....[.....U..M.68...!.).,.dB.....+...D(............~,..`.:%.W...(.PO.....C<X.P........k..q..R..}...f.vB..P.q0....J....1.....L..f.E^W.G......O...+CmQ.(.../|...eb..Q.8w...:c..<....M.A..x...F........U.;>X.`....._.".n>...@.P.C.HH......:.g.P..O...9.......#.y.#,.n.._...<...,t.M:.*.Y.......$'......o^...;.9...\....6.....G..1.l.-S.....R....d........../..4;............+..5.:e....[.l....r.n......5.pV...n..d@s[.W..J...-...c.xp.*.[........B%RmK5.3a.-....A.f!....}...og.E.R...R#...~.....$6=....;x.."..?.T...2.....a......4)...7\..s..>.........xO.3 .ZF.....8...La!.....L..Bi.h..*..8.(b....J...L....s...ov.4y....).U.2,.._4[=...2.PjqK....."...u....S?.uL.p:..{..&....D..z..u3.x.W.N

                                                                                    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):110688
                                                                                    Entropy (8bit):7.998461144202123
                                                                                    Encrypted:true
                                                                                    SSDEEP:3072:nvLnlZqm5a6CMvRpwhIQfzkhDjoyEOJyEHGjDR:vLn/q5CChJzk6DOJyQ+R
                                                                                    MD5:1075F40156D96910FD07641625527118
                                                                                    SHA1:371F027C9FAE021EEFB98E9F0CCCD0BD0B6942C3
                                                                                    SHA-256:F9C61784A263C11E9CF34CCE7A49F9BA40CD1C2D6D22658AF4E6207CA2F0D249
                                                                                    SHA-512:DF44739530EFD4F2D9995B7B4EF4FBD75E4A2CC7B2D85BAE7E4DDC22F33037243906EF38087DDFF7F65F3541FBB8B8F7C2A8962B0C5A805A48A49192EED56B14
                                                                                    Malicious:true
                                                                                    Preview:..=.ATHXD.W..n.e.....E.w*Z8C.c..%2W.....J..G.c...........'1h.].....r..B....f.K.s..j.f..,..P.0..<..d_a......XC....D..:...G.f.E.oL`..@...&.....AU....u..y.U..>A.S....4i.z..k.L..8.........r........$9..p..g..2.D..Ay.0..t6..e@......-.....Gt...(...5.......X.W.g(w.1~)[..........c.."@.....>}|lr.....]..!..7..K.+W.^Ib...>!.tV...#%..?...[.b...PG........\.$Tz..~.+........e.....LC....78... k.0.....#d.......;...c.0...FF...e...hI@.l......YKi[..P.+....=.+.....FR...7P.eE66S.*..!.....z>..'?3..>..M.....;......4..psJ,..gj...Qc....}......./i..q......K?...ioS.(>...1.O.....n\.G........b[....D.k$lTQ.0.f,......1..|.(.....4.\....bQ..a..&..X_..^J.~|7.Bu.R..R...J/...&.1.......W.o..>.I.bbw....$..uv...z+....8....M.V/....|\m_...".....K..1.3...c2..........w.@d.m..f..........n}$.+H2.P#.}.......a.3.*o.8..x...B_f.?..+_......]R. {..9..s=..}36...tb...E.g..l.U...[....^."...q...y..u[m.O..o...[.,N...k..+.R...q00q.....@G,...CV.wuN......_fH...\i...'..>.>......=.e...w...m6d.

                                                                                    C:\Program Files (x86)\desktop.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):208
                                                                                    Entropy (8bit):7.054268429708833
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:a4krUn2yR42oQbjUNYmK2OmLwecMTpugOP+hA0zbWQiCjBJW+1UzrCAHabtAhhps:ijyK5K8Jw2PO2n4MWFzXSAh/lzSfn8ul
                                                                                    MD5:6E508B42F351DE0BF22B1DA633064A81
                                                                                    SHA1:F5EB290CE747D921C98BCE131E443884EB96054C
                                                                                    SHA-256:1DF9649DC6034BEED115309314CBB67623CAAEE205580483024611C76EC8741B
                                                                                    SHA-512:B32E79C1360691CD62CAA9C3326DCAE5485E985EA43E92D182A33A12647B1719AC252CF174CFA57380F9D6A2F17C7749F5809C4E84C07BA410CD0D1FED5B153A
                                                                                    Malicious:false
                                                                                    Preview:.........F1.....h...W...c.:.tE,.#.2........t........Q..rb..t.[t..C......Y+...#(.0oe..3...r..U.%T.*%5.#..1M.Em.].<j.!\G'.j./.[*..wH..q.1.N...e..'...>...PD;.V....$..L.F...I..&.k..}.Kv\._ .t.X.....

                                                                                    C:\Users\user\Desktop\bnieCH9wRm.exe.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):32
                                                                                    Entropy (8bit):4.875
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:72r/fdJBLOCohnn:8fxaCGnn
                                                                                    MD5:E10CDFC609A7A43D1C84C9911BC37426
                                                                                    SHA1:B2052CC69BB89C6B97185961304BC97D6E82E174
                                                                                    SHA-256:D6B2E2FED3B6F8D4255820A253F4EB8392B1564FF19EFF598C2222D399905BB5
                                                                                    SHA-512:0A3A27A4070E4FC4E8A60B86A2228A8D360B9CC2EB20710BDE3B1A643D6DF9660E5D74EC1DE6A7B4D302D3DFD51214A6A05FC71C3F450E95B3DFC14CEE9556EE
                                                                                    Malicious:true
                                                                                    Preview:O%S4.Bb..:.v4...y..6GkX..2.M...K

                                                                                    C:\Users\user\Documents\BUFZSQPCOH.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.82651298781216
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:dRDR3TMJLwhlun+WDPrIgnsNKvSy0I+R1j16H9OxeYUSLp2gf/9MZh8:dRdTMJd+WPIloSyw7Bxev4giVMZm
                                                                                    MD5:D89D67EB5C892C38A39B43D54FA20BB0
                                                                                    SHA1:44EDFFE54D4C6BC2691694994D3A1C185A14B2D6
                                                                                    SHA-256:898AA9CB28E14CAA2BEF9F4F80CE330D18DB97DD13F694257D5B5D13FD17BA75
                                                                                    SHA-512:8EE087676757FBE00AD056DCC4C9F3EEE06854FB4642BE1585A0A4D42E429C2F26D4225D965539C07C969D43839DB092BA3C9D613B0EB6D7BD7A31C4A8111C48
                                                                                    Malicious:false
                                                                                    Preview:..r..<c.....[...Q.q.3.....4j5Q.b(..........z..ZS"}.4N...PB...L.F......m....z`.dF<3[/8&.Hh.Ol.n..m...Wt.UA..{Z0U9m...O.*.._......M...[.......K........Wq)..H..Z..D..:d......[......Q>.DK....W.3\t /.......S..G(X.....m..SP.=.hc..8...Jb......x.6\..[_z]yM#...K.Y.....s..2...3..U....!..W..&.P......0:.Z.T..|M.K).S^@ .g.N..r$..r}Z}...2n....G...m.(5G.S..W&A6...@....k.P7...4....c..:...m.....m.......[...'.3...&.A.2.........n.>1D...y..w.0...v.....t<<.]V...0z..a:....0..'.T....(.|...N..]..da....d....UQ$...2....[_%...W..9.?..p.".OO...........Sfq...b...[.....ZM...pm..<.w.kQ)O.~..u...t2.r..(M...G.o...F.....)..D.7.t.f...1....4XG...E.vS.`....E./...[...p).O.wG......1X....z.(.CZ...k.J.Q*B.&k7..H...?]i.J...?.....e.-_HZ1.s...;..B.....,..+u.....{...5..n;.....>...9U.Kf3"X.(....\.,H.l..h....t..Qo.t.4[..K.%.cE....^...-...."....m'v.]Br.B.0V....9.D......x...W...RMY..@..t...V9.-...I.......C..U.b$N...@.{.._N.F....^M......H.OC.h...!&.....B=n...2h....%..m|=...$X0..Dja.

                                                                                    C:\Users\user\Documents\BUFZSQPCOH.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:OpenPGP Public Key
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.828490440117435
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:QJN9hS6W6it3MBIjaXt9ZxTbxnHlImrQFsJ315u+WSR:GnhS6W66MysTbtould
                                                                                    MD5:77F5C4F80851FF824FD77972508F2B28
                                                                                    SHA1:AA9A34F4F6BB64FB182AF1D5717FD4612C9A9ABC
                                                                                    SHA-256:B793A88842AB0419EB98654633D26EE4063050C5C0D05E6511BA620D5384C239
                                                                                    SHA-512:5723B01B1CE5E5E3BA54D41FC471AB9087002A636987E38FCEA79B39A6B39838CA6C441572422407DC0E4563A93AA7561BE078F0E67D68FDD960EE7007474563
                                                                                    Malicious:false
                                                                                    Preview:....k.D....jy..........$.......r.6A......T&h..h....+....>....D.d....A..[f..|..e.a.`%..twP.?vv......|$.-.".m.F...".Jx].(......I...K.........! z.....F..;..l.........Z....#..?Bb{.oT..S....'.T.......a...%.....*_..w..%..f..J|Z.36|{.c.....$..T.@5Q.$..XUK.a.......r........H....nV.......$.e6s.....9..".}.h...WH....dFcRJ.]<..a...8.....F?{V......yc.b0u(`...H.7J6]...,..K 9...*8....<..(..H.XT......+...I*tz..(u...,./..P$b....Le].X....fL]-.l...D6....@6..1...wd.......Q..-.&..^....|.Z.xr{...j.i..W6.p....]`...Z...i....fgE.@...`.....,.......U.A.j.I.CU...>'.Y.J.vN.H."8..........E.Ha.^...f....J.l.\!...).......q......r.t..tT@.....ab...\....3..k..]n..E6....$...|......Eu.,..W.....p9.K..t.....n#q.....W.'..d..O.....r......~..,.0.1..SDR....O...O%..9p...3..n.i.5&6.Jp..J.(....[i9:...L.\...q..e...Jn.Qu...X.....h..G.!,KU...\A\,lA.h.f..&p.m....%....K.&K... .G`....................\.......%./p...]..t.[6...(..ET.@.W2C.O0o.G.W..Yd.......];.0.@-.*....-.M..u..#..xg*%..A..

                                                                                    C:\Users\user\Documents\BUFZSQPCOH\BUFZSQPCOH.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.810770631547568
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:y5hVYTmz3SpSM11vZBJXQfyEhrft+nIVPQL0J7f6UNXM/b:yNYTTv1xBRQJ5ft+G40f6kXM/b
                                                                                    MD5:988FE7ED49ED5493301BF0719340ADB5
                                                                                    SHA1:DCBE620AEA6FD91B4FD5B44413E964AA0338CC66
                                                                                    SHA-256:AA5C1FE244889F49C4A0040B5A7698AD3E630FC10CF50C91552C11ACB1EA631A
                                                                                    SHA-512:8C3EFF5607D049ACD6C672C28DB39545BD7EB1DFD2C9DFDD230A6CB4A3C4F5302E948553B2368D7EBFE00F978C794DF7944F12E94C035612BCF0025DE4C42CA8
                                                                                    Malicious:false
                                                                                    Preview:;..`t.R.MS.x.C.A}..A...s...[..;0.v.x.w..?..NHO..t!........Q...=cS.17e..wbp...K;.96.d.......Jncwmj.<M..P.a..b.=...H'..,A.;..X?...].TIu.a.oD....O.}] ......H.!.L......{u.y$...*Kd...F.#l.l.......A..zb......@I.>....Aa.;..x.J.z#...c(......x....rR...=&..6..'....t...&..Mw>M.F)%@+.w.YJ@.(&s...........z..J ..m.Eu....t.......?a..fT..v.h.....X=..*..qR(...Sx=iag.qj".....Y[.KW...AwVx.r...MJ.-...`.l..Y'..y..@.......k.Z.....v.&$.)..to.H...qK...e...kf..7ak7RJ(.Q.a...[..3z...n ....E-cD..5t>.V.&.".(...>`n....2...........F>.......f.....wO.S(..-#.&.....2...-.....\zu.c....@O..i..C...q.(....'P...7V..>I,.....J..........L.JM..{.7.@8|.r>.....*......7.$......x..U...!.~R..3U..*.D..8j...IHTz...~...S..Lm....^....~....o............c.+.:X.uZ..O........B...c.;hO1!&S.7tK.....Qa.1...E6..T.O....&.....m..c]....<c...-....\D......,D.....> y..\.!..x.N...;.%VE.z..t.f.9.F......../..Y._....1!.RE...Q..1j......v..j]T9..$".r......h.4`2......OM.D.*...R. ...Mh.p.;.B8

                                                                                    C:\Users\user\Documents\BUFZSQPCOH\BWETZDQDIB.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.833551379902753
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:YdddajzUEkadEgSX+/fRP8YwAgdxhAPMKPQyvg5I:KdbELEgc+HOvAgdxhmzEI
                                                                                    MD5:4A2D9589D28EE76A5D4916E86BB21FA8
                                                                                    SHA1:8AF1A63CAEDB1C4386B131160860B29BEBC141D9
                                                                                    SHA-256:8E2D9572A72835A5B370E7ABC0A4D841BCDEF1E86D49EB6DB9935A7B2E2799CD
                                                                                    SHA-512:79C8A0014A9112602E91B97BC13A4A0ECA072964E660A0B031DE57E7C9C92A7AE7E357AE7BB5AA0E4F4E3D90FCE0DA150C9677524E6A53197680EF8E532A9498
                                                                                    Malicious:false
                                                                                    Preview:X..j.Q.v.d..~Wv..Zx.v..>.F..9..F.[.b..9..L.f.(...)....{@.............r...M...(.C...bG..9.K..q.&$.>3..g..bz..(i...M..Uj.|. J..R..J..:.j.......p.}...V+..N.F}4.....Z....y...`..~A?.Pw>.....v.t*.XI.{.?n..wd......??..8.../In.X.W...>?.BRx.......(...w.."$......`.....V=.pU..0....L|]qO....k>.Q6..k...+.kSW...U..wR.../b...y4..zQ.M*..%M3..:.(.Z.>xt..Tys%%\.W.;......F..-?./.{.3bG%.j...AR..Y....eu.aGY/.=.*3.9...zo..w..W)...i..........f....;.WO.Ep....M.o..iM..+..!>;d.."...n._..%w.......)Z......M....=.n,.@.U........#.i...0!bZ..Bh..+.Y...Vl....xx./.....o.-n...NT..Js..>@..<~.E=.#4.A@..ul.........v.!.D.9.....a.H...-.t.....l.:Q..Z.k2...X.\.0y............=.oB....j.....V.wq.......V.}...#o;..aL.9H.......o...O..z.K....J..&?.6n...>{_<.{...)'.b..|..-.f..B...<H.@2.I..O.$....Ej.K.3...F.3....".pld...]`.m.T...n4\..p......\^$r.r.../.m<..d.....m.U..Yc*;.w..G.".D.Ny^.Jo>c~G...)Eg.G...K....9.O., .;.. .)..3E.c;`.....Uuu.:..E..aR...1D.../...pv.c.Mt.xr....}.p.:....-...b.5.u..V

                                                                                    C:\Users\user\Documents\BUFZSQPCOH\FAAGWHBVUU.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.817544683958402
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:omELaQdWPHrqCzoz9JlQFPBkh0wux8+rfjLM+fTbafyX:oqPWCoJHewux8SEinaG
                                                                                    MD5:D7EA66563B5250C84B859848C1563CD9
                                                                                    SHA1:55DE37A14DFA834708AF5B229BFD76FBFC9FDF8B
                                                                                    SHA-256:E64C63D7A0C39D74E05EE7C64DC17759F3A986F11350F5C71531F51F2C4D7A85
                                                                                    SHA-512:0335395F46B7634F8FE26D590D7AA74DE27C2030773095A7AA2955880DCDEFE323D8241F3B98B1F7C538F27AF52E3980AB97222A4DECF60F8109246407B8E8DB
                                                                                    Malicious:false
                                                                                    Preview:nS?)V2\.....[Geh..X.K.\].... `.....'..N.r.`/.....H...~.3....._..o.{...q.<.....~`gx..4....L.S..).NG}.'n....m\o....&......K...5.,+U.g.s=...4.3.x.......}.v......z.po(.,......H..=...T.......9+......:..d.3.q...=..~c.w"gTZ...R(>..m~I.M..M....l.N....WN..6p.0..."..V.hg...[.>...U...b..3Q'Y..s.@&.b.Z....K..tC\}..R2..1....+W..\@!.m.....!.+.....A....c...5.q....Z.v..b.........i.0.s...5...}...'.&.zk..R.....x&...B2{..a.....r.....l.3..G....h-.-2....eX....r.....|..LFT...P.=.5>=../;d..oM..D.......g.0..E...e...I...(....)........j.w.Z%...........).|.v.eA....u0...S.r...F...!z...v.633...X.}X......=,t...X..8#...T..L.,..+..b..).....c.. ......!.........V_..-.b...,....R.../........".&.x2.M<....D..J.X...q..6..*.".Y>.....L.......X0.h.d.....X..R....-.N/s.4![.|wT..."H.....^...:n..o.<m6.%....C..0....p..4.>E\..=;Kk........L<.......t#.3M.2kV.Rg......e.."........o.$B.l.gUI.B...J.IU..^iZu>.y?..%..1..6.dh.....A%)>.~.`...@..E.!..pL.B.".Y0.h..7.i...*...B.t.n...<O.V..

                                                                                    C:\Users\user\Documents\BUFZSQPCOH\GJBHWQDROJ.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.8048786371140295
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:59LaBGJK9ClfNfmGcxKKa7QppUhorvDpoj5fpjf:zLaz9ClfHrKa7epUhorbM5xj
                                                                                    MD5:D154CCD5A3E9A0C474E4F9C844023734
                                                                                    SHA1:BC7EA55A0DD4FCFE204A3E374EF324A6A85B81C5
                                                                                    SHA-256:F2E0AA238813B3E25440E9AA612AB9ED886A01E854A2E248B2606DCF1DFC0892
                                                                                    SHA-512:AA2D47291A14D8072059B4E672DE0EDBD21B7BB118A87D6A3A2BD6BADDE8DA135EA46519B93BDF7D08EE5053C282B495A9C82522C2BADF95B73230C69FE0AD77
                                                                                    Malicious:false
                                                                                    Preview:..y...6....q..a..m..Q+...u>.....ba.C......Z.ta..F1..O.,......(..j.D..O.f...>m\..T..<....?.../AW.l....r..c..=.z.....t.mf|bA....8pH.s|.Rl.w.:.V./.t... .........wsw..L(%>...M..S..3...TX.M...(<.......$....U`.F.7Of.u.4.P..'X.9..9p.......x...........|S...Ng6.....vH.=.X.._.)..jSx8.g..I.....%...u.S..!..l........h..]>b.R|.ZD'.i.N...@q..8.}.."{.Y.G....f.y...|(.C...N...a!5.D.l.J#Q'....C.j.r.A..._....>..L...=.h.....>..;....w.-:.m..k..+O...4P.o......r.U.-.....o..T.....9b.0M'.*......$..^k:...k.3iX......P+o.......a..S%.p........c.Q.dr.P.].S.|.:...T..Uok.yw.?.\../.Og''.f..........U.y<wK...q.;...L....S..D...;.6:...Q..{Pw{G|<..@w.5).;N6...04..j.T.....;.3..[G.EW8.J..B~N9.K...h+.I.^.... "g.?5f...NP.7...Vs.....6a.'.mw.y..8b..ZjO..u.....:.NC.\..o;......rI.q..U.~..{E..P.E....17................T.z.%.w..j...d....l:.`..C.(..".....i*..:..G.1....,. .P....i..1.]..A.}i.7...U"..gPn..tiR........../.k.....cYg....N..SW.).^...).(:...(@S.[..{a+..M.x.p......wY....g.e....^..

                                                                                    C:\Users\user\Documents\BUFZSQPCOH\WDBWCPEFJW.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.8232907721936265
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:nfhvfyM5aD+8hrN61vtAvjRZ8d4zyB/mqaP1l1Nwju1F/LcXa:J3ySaRhQ1tALRZ8UM/m6QFTcK
                                                                                    MD5:7852B6815EE604B66C69F7A49A3BC65C
                                                                                    SHA1:B49C19B0A1CFC2C68A08CFD88A1F72EFD9A94A19
                                                                                    SHA-256:ABEE82FF2A8E987004DE6AE954B3AD304E7C310BBCAB058A1A4D5FD436ECC961
                                                                                    SHA-512:836743265D2AB87970F80FA006B8B447B29F13408DC90CF15A8549F8C0C8FA2F6A765F5B8148711EC4791FB6EFE57D43F6F8D2F35E9CBB93671E44843CCD7C48
                                                                                    Malicious:false
                                                                                    Preview:Jv.S2%.'.$..d".....K......p...B.D.s....;..}.R.....q ..2.AB.|.D/..81z.......i.U.,=|.B/.D.)N:.%.J;.....-.....".Q........W$L......u.............].1........l..b.....P....;#D5.u.A...Z..'..}...=.w....8..$.l.N.d3SUP)...Hs..d..+....6.g..3...{w..!...{..F..h..r......+}...[@[(....8..E.tX.B.>1e.......|..12.G.. d#.]v..+./...C .......'...$V.z...e....|...;........O. ....0l...zP{........u.Y..ha.x_1....4E....'|`.#..#..A.:.N..vy.3Ap..7l.....Q..k.Z..5..m...a....N..<.uH.w.Q&.Z.A...b.:,.(..IA......PWK<.a..Y.....<.r.G.<.N:mc<.r"...go..f....}...m:........U....h.w..|.Fl..a..[..... p..;|..K.k..._.V..#...>{m:...<a.j)..=..p...../8\-..fg.:.....3.k.......r.A.V... u.n...*.r\X.H.}...).I.1...E.:..3.kh...Kn.&..Dy0x.....^Ju.c..dyk..I.7..N.Q.M..n[..5i(ia.{.74.|.L.."w... R.nF..w<SG..IZ.XeI.D..f.+..+$7.*....+T...D.3....h?.kI.&..~....!..S...A..b..f......F...O.i..6h....I.....&....@.F.....fM.t....}..Q........3....Ss...U.=`..W&4....j.....Q}...-........).T.._./.In>.......8..v5<4..

                                                                                    C:\Users\user\Documents\BUFZSQPCOH\ZUYYDJDFVF.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.8109567001316
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:poAru/NsXmk1Z/wfkjf8Nfi4MFaBr0FpVGNgVlAPI/:WAK/NsX554WFQGVaQ/
                                                                                    MD5:BF827D084E630515081338C2A44CFB54
                                                                                    SHA1:D8F53F93B667665D83378F7FB6351AD49A3B8BD5
                                                                                    SHA-256:7C839A040F94320455CB7058FA98BD4FF5C5E9532D797FFD2A615883CCB0B5B4
                                                                                    SHA-512:2084B446822324FDCF83E374FF5379A09BCA3EF3EBAE671F1356D252A03D5799C3725AAFCD26E337A14E15587D7B4CCD3FB05D94042F5FA386844A0A241BC997
                                                                                    Malicious:false
                                                                                    Preview:..1.$G..p;.8...S...Xw^....b!Y....u...6.k.G.!.y.........<A..e.6N..k~.O.8.{n.5...u)......7n....[.f{.K.D..B...~^...0w....c=DC......f.&.V.e.$...6..{Nt....:..!9B...u........8v.R2...#X?...PVt.#.kf....u.F.3v..w.V.r&J.LV5..$o.0i.<XK)..{hC.v=.n.&.vI..N..4....z...V...&l.S...*Wj....G&.G..C*nF.... .~W....g.C.E.j6...[..BY.O.h....8.w....e.....`...k..4..$E.}.f........Z%U.....V.=....k.U..)...P\...~...(....~.-..d..+I'.|.S.Y.+..`.SJ.~f......V..iR.8.b...I.d...tu...I.....M....{.x.p...)..ly.....R@..k.NOL.ME.EI......u`!.)d.7.E.,X2..iO.5M..!JA4?.0.{l.bNc....}...(.....ZQLN.]..k.a...&....d..Y...U.i...DL..q.x.9...a.S.^sB..A.N].cE..&c....H.r....u^%....#:<m..ei...%..o....Vg?v..Q...H.3v......gP.'.8..f.B..H.) 0.J. Y.'......h..5.Y.lfT...0r..5p.].x.W..%...kG..F.DU@S......YmX..Wi..8..h{..(..x4Ym......X...n.qE.8#8.S.E..M:5.n<..$./s..U..v.3.....l.@....#...mb..L=.ai..c.eu..B'-Q..\v.n..U....|r.f..no...A.{...>..z...k..a.g.@L.<.}...2........su4....Sh.@....B?..K.|...7hc.......E

                                                                                    C:\Users\user\Documents\BWDRWEEARI.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.837133395538009
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:liRNTHTx1wILBsfaYNUpg58cx5wYNKyPJy89h3DV:YHTHTxiY0NUC8c3H4yPJy0lDV
                                                                                    MD5:07EECBF94D1619345CDD09EFF5F5E747
                                                                                    SHA1:CC172BF35D064E96E1F5AC9EB2A570407789E1F2
                                                                                    SHA-256:38DC767A976001FC1C9BBB024D8A20367C7F82B393C4D9F697A3F22B9DF42BC5
                                                                                    SHA-512:CD6964C9B22A95D2BDB851848DAD8143B1924A19142E7EF4447FED6FA6057CF2908A5BB6341B45662C9DBF81E0668DFD6E215302EC4F272945B32B74843BBFAD
                                                                                    Malicious:false
                                                                                    Preview:.d.=.h..tAF.9.d.....*....r.D./......f....kQ.R.n..vW.....jDH...9...4...L.$PW.O...h..WV........P:}s.e.+....:.............i..la..x...=......B..:\...t..2....|H.P8..D.I.s.*~.ZBR.y.8.R...o|.._.J..9X..\.JO.~I.HvW..U.]`t...=..3..V.RX[...2.m..n[z.$.M.B..^.#.e.J.dn.......413H#..|..v...`.../%.@.S..!Bf,I..Zj.#l#...7s......;.i...A..R.b...y|..8.T*..`.E.=Q..?...}fl.N..:..x......E..,H/.4..0.J<..U..z.L..xC..D.<..W...8.+..\.....~......F.e...M..".D...p..^C/...V0....T..V...Q.Zt.....G3s.v.Fv........bC.X..i......MC.r.y.....|.}X....wy#..Ww.@z...!.i.',.a`.b>.+.ee....1."...;.1LFO.....k...!h..f..J..V.y......XTe.N..p1....n....R.1r...;.,}.@..;.....RF6$.....3....F.../..&.cbo..^.]...au...#..1...y..jN.b.;.)n.6.D...&..9..M.(..1../.o...0........vs.Pt...u.[..m]......M.o.c....>.YY^..^p....73..y.l..o....Y{.......7,.....MI#^...n...q....ZB.p.....2+Nv...j..C=.j....7...6)..B.Z......,..6L..l/'P......?zd...._.N.....Z..4.g.....0....?.Gv....:...1....?......G.C..|^....E...d.O

                                                                                    C:\Users\user\Documents\BWDRWEEARI\BUFZSQPCOH.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.789907991096742
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:uuQfLwghRjC50NypxGZeCJx0giDEN3f0ekWsQLR71p7YH/4zJg:rQtRjCNAZeC93f0ekWs0JY/49g
                                                                                    MD5:ADBCB6D24322F2F11DF320DB8B1D6982
                                                                                    SHA1:9721B96394E2AD9FCD97AB17BB794BF5D621E93D
                                                                                    SHA-256:3A029C97B4EF56C4FFD1D2E6EDEA3B6C34ACF93AFA011D94EE36D828E46ED640
                                                                                    SHA-512:BA2C755840F3252651A5CB73DCBABB88A08A3244F7F3640D87AB3E37AE8BA0E446CA72B14F510F09BB5B8DCE9124D68FD7B61DAE7ABA2C064C23554059B4FB93
                                                                                    Malicious:false
                                                                                    Preview:q"..(.O.......... ...F.Q....... SRK.....<...}....c...SE..i.*F!K8}.......n...K.f..@......\.m...0.#JyKCSjfQ...IR..;M....(l.?Z..ot......?b<.:A......O-..:...E....<)F9__.c.g^I[D;..........j.oa.Q.I./5......+.)+....../U...1_..O.0..E&...jp..=...I......Pv........H`jNI..q%=)M...Z....r.E.9I..s.s`....... .f{..G.W.a.wR"(.NV..3....).............f1z.!>._.|..W..A..!..Y....L..z...~.D.S.D.O..l..+3...S.....U.X...&.S......l..T)."4...fTYe..|....c8.0..bbj...\K...e..zj(.n.B.".5.f/D.9..e.........|..>P.y.I.S....|S.'.~..M.y..M..uS..F.e....Fb'...}.R.ckk..hjp...n.W..~...[Zt..c..p).....~G./Z.i..t..Z..!...w...u....X.K......%d.....W.g.P.S....>...~.sP....f.v.......s.md.-pP....G..:.k.9.JT.b.....7..q.....9z..H..7......D.H0..n...=3E.p....a..'.#.0.O....q..`.....NW.SZ......#..Q..r."L.....(.V)..|......wA.....P.X.Y...:.1&......yd......f...d.v#K)b@....0X...`..Q....+.....!S~h!B..c.1...h2.....@..!d..z...&]*....sh.{.z..T.V.<...y....IF......@...W.N.. 60.c.....k@.......[.m..o..

                                                                                    C:\Users\user\Documents\BWDRWEEARI\BWDRWEEARI.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.821101627383515
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:dKFFsd1TYddUo1AMdpnSs1gpXKCsiP6Jtux5rOBqVpOL06:M3OGUMAMdUsfiCvuxFOBypp6
                                                                                    MD5:9E0433A76184678D0DBBB6534553A0B9
                                                                                    SHA1:9E1C21607EBF77672F9132C374312D0251D57CE9
                                                                                    SHA-256:45893025FED90988DBF3F3E7A9BEBBF561662EF8C25496489CBDAA633DA1A128
                                                                                    SHA-512:C990AD35DE0605C14D62411D71079657E464AB70D9679731CA883A29940F6A4A67D59007721BCB25F99097DDF8D657B590EAC474D7417B57FC6FD606D62C69A1
                                                                                    Malicious:false
                                                                                    Preview:.....v..i..g.Q..~..0Y]..f..S4.' z:.j.|o...u.>....{&.#...d.^....&.mr.&....p.....H........g..-......@.X..........T. .&..>.....q.9.....8..Mt0T...7.dg.1..-.d.J..H.^..%s.31.z..'.M....F...lo.[=0...........h~=N........1N6o.R......$.v5....m...-z.^...v.5./.TH.....?.9.V\.0.O.<X.V....8a..n..].".X=.#..I........1...).{.B]"P@.;Hm.....S[3....#.....Nm..6..'._m....Z.\).;@{.C,.........W...w.......g..,.:7N...8.g.X.X.5.tD:0..9.X...X<..V....==....U.<..%..;.......J...uM..M._e.Y.ii..D.....q...?....).|.Q<s....AOz.K.+....@..SEQH./....9.%4PL...d..%.P....l.N.So>Q....Hu.Sk.{W#9..u.<`.^.G..H.8.t...H......h....Ogk'1..8.pf.R...-..l3G..9G..[5..E...V...Ze.x.i3q%...V{S.../].Rq.......W0.(....!.Ld.J..J5.5.7Q.i..N.PB.0.rZ....#*..P..AT...c....;..!i...*....5V!...U...+..\%.O......24...e3........n.,.=.y2G..7&..$..#...5#,.+.a...";.XY.....E...:.Bj.ywA%....+.5.-y...C..J...j.x.)...N..../$..(..........B......1.k.!..`Z....L..Rk..W...$..4...r.I.<a.01..{....Qj\t...u..B...>q5tk

                                                                                    C:\Users\user\Documents\BWDRWEEARI\BWETZDQDIB.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.823507116299411
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:iTuTKEgLUxDsACmbCQQPGZdfZ7xW4+ik+KN9Vi7I2UPqLOQf/W8DO:iTuTKEg4xdGQQGdfFxW43k+WUI2Um7ry
                                                                                    MD5:7AE7B6AC16EC35A05D14DCC0A7DD63CC
                                                                                    SHA1:40EFCDD4AEE1F3ED9D7116EE34DED3EFD522226F
                                                                                    SHA-256:130E5A104A21E94B72AEEA378416B1C2C1B9B8AD6EB846F5ECFAAD15EC299A9B
                                                                                    SHA-512:D9BFB775D38655FC471094853BB12BBAF68D2E1B46ADE9028D7698B84720683ED0D5B51F843240853D2A528F29F5EC8650EFF48DFC0D6045928A121352ECC1C3
                                                                                    Malicious:false
                                                                                    Preview:b%]`.`...xLdG...E.ov.....}.....d*.MV:6\.;9..8.O.z...`Hy.......a........%m.IS.P.(..d..@.8|..-.....b...N.=.3.wB)867..Gu$.1X.A/...8..0.n....7...ibM.D.."...J.%u....D.}...:..h.A7.....^.~y..la.~...-"Z:_+UF...... &..k.\...\.,....U.Jd{7..r.MF.x@..v... .4.2.........2..{.......@.<..:g.@.V...,....k.[.F.?i.m.....p........2D..$.....\bo..".?.s.c..h.Q..n7.`....'^;.hza...E./.!....4..IT,S...*..........X/.D...<.poR(~.0=.(....p..7...s....^.E*...r.f'..9..j@W..0..w.O\>s....l.E...&.....8.c...E...<.&.<U....&.....A. .V..i1Bj1...o...^e.fy0z.9.0..VZ}.._.<$.....:ir..$.,.#.....b...jHM..%.."*...p......E.....YjNU....+M.S.B.[..d&..X..}.P.RU_...).{.{..=..m.H....y..G..G.....Y...0.......3.!y...&...<v...q4.e.M...[gXs.B.....H....Al.7.E...[[.S.b.!XD...].R..).......W.d...\.%...!.F........3R..(8..U.iS5.<..k..9..P..OG..Br....<.*....,.#.4..P....=.o.$..B.....<....u$.]..S...N.M....U2k....Z.97.9..%..n....!..F.T..P..&4........ _..,....-d..#......`\...)9*+...D.pW....d.Qx..|....J..9

                                                                                    C:\Users\user\Documents\BWDRWEEARI\FAAGWHBVUU.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.823594497042945
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:jsKRDmys3yBZ27DRzzLvLIoX+43UZemdN4bbRq9NqSgUZLQ/Bs3TuK82:jsMmys3smDRzXcoOI0emn4h4u0k5s3g2
                                                                                    MD5:B988AD28BD3D8D03116FA349E1123A0B
                                                                                    SHA1:E4FDA7317942CDB45E126376BEDDA702B0AFF9CA
                                                                                    SHA-256:99356D07CD036E23C7B3261FC4F82DAB4F3CF41D935BF3CB3C2C1B8351E76662
                                                                                    SHA-512:7C55F2C67CC764CCF33B85A99421BE2D6F4C4910A8D736100520620E6162BA97A84CD46640EFC86C6ECC24923EBB58B4AD7A9FFF4A5BE96F999276B7F609AC4D
                                                                                    Malicious:false
                                                                                    Preview:...pRn.sF.....<i.a.q.^...,g.5.#.Q...R....}...*.Q_.h&..F......0..4........1.]..rMq..?..|..L..!.P.'.o..t....6.k......X.....*%4.x....}=c..e...*.....i...j.E..y......s......q./~....n*8.y....;:......`.=8.......&.......<j.Vj.IRv.].yC...."e.'.U....(V.D..../.pAn..ggG...[0.....wl.-.....Y.{J.C%.z... ..0V;....t.....$..<.....$J..%..-.b..j..$.8......O.@....;BR.8.WjP>I..zw..y.r.....g....t...d....UP.@.E5h..7........m.{....!.cNUs.Y.".K..E...s...."8._.#....r.p...Ts7$.7.I..7.d!1.16.4...j.x"T.E...m.*.u.\9.wouy.u.3.....]...NIM.b.?..-......IS...>.....M.. ...M.%..(...=.>.P.}.S..0........,X}z...F.o#......!WW..@MnK.:...Z...H....n...O..z.T.aT......q..1..l..P.........a..yN.A..{.V.`..S.W...d.%N...*g.Q.5.Og/.l+=y.I.....d..r?....E_..K..5V..l ..~q.;y......../...:....[.7L5......'...TRD.....7R.....<......J..tH......S.*=...Q..I...$.x/....E.;w...i.l.../y....1..e..V...:..x...ef.!$.V6>.;..l...y"..W.O.j.`.Y...w...x...E..Is'.!..R[..a.(.i..\LfM3..w]........a..;E

                                                                                    C:\Users\user\Documents\BWDRWEEARI\UBVUNTSCZJ.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.821862804671013
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:c/Nae1Q7bpIpKtlMW7moGdjPj4MmaWFQUIDi9xxe7oR4:I1Q7bmpiojPjQlQUIOxe8G
                                                                                    MD5:3F7DAE67BF5BE62F39032023BCB38314
                                                                                    SHA1:B5ECB74D64A9D75220BA0B55896B41FD94FA3CF6
                                                                                    SHA-256:9C07D5A5E1EFFE46FAC847C9DF7CFF927C718DF9704D812B319B42F77FBE8F85
                                                                                    SHA-512:C2F36116973283FA6CDCD45CB527ADF0B15A5E140539E31D9D3E7DBF5E0B7D302C928E0F0F98C614AD80A4B40A985B17C29F90E70CB5BCB35517E93756C2070C
                                                                                    Malicious:false
                                                                                    Preview:... .!..*W.s|..h.&.-..(.fV1U..c1..c...K.* ..U.k.o?...&.a./..-...........4,.....d=..d..tJ.<..&*..8...;..lA-D....w...ftjKrZ#..-.....d..Uk... ..Tc..j<.....Q....(B.v}.......o.~.mR.....AT..4.I>g.......l..j..W..#^..........%"........+..B..V3..D.s..69/."...N.-.a...2..I....D-....U?...Y...H.U%.P.5.b... ....'.A._........Rq.S..[...=64T.#.....,."kV...j...p..^...mtg......!..M.4._.....rY..9.A....0...G=.6...^(.TB...a.m.x.oBs.3.........`....).~.+..w.....3.V9I.7.D_.,...D..u.^..u..b.:.......M\.....N.....:#^..Zr..P....E....g..(.L....u.l....A.FE.8..N.f.c..R.%\}p.......p.e.~........K..=.sX....Y......O..d(.V}E&...y.`e.....!.e....$.bpd.4#9a.)'.]....#.0.~DA*PA..^.k........E.EA...................G`".?M..:\.z...2I....:...(....:.K.6[.....Z..1N)z.. .....C.....%.\...../@R.X.E...V.......M...W..{.....6...[.{.....'..0...e.q:.!.o.VD.%k..S5..h.]....!...w+T...H...x..n5....BK....W....~.@...%..?.*...{d........T..e.V......G..1').~..S..mM8m.V...d..v....eL....@yu`.....

                                                                                    C:\Users\user\Documents\BWDRWEEARI\WHZAGPPPLA.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.806683944911876
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:snedpsm/+scDxcnrOKoanWihXtubqTWsL1QV4wIk:sKoTSr1/9ubq6sL1Q
                                                                                    MD5:3A895EF92FD8F3FFAC776517E1F2545A
                                                                                    SHA1:1B973CF0387A7148DA93DB0BB56BFA46DB80482D
                                                                                    SHA-256:DF003D1027B749CCAD3692D462C3074ECE95CEBF69B1D3DE2800417287E373CC
                                                                                    SHA-512:09A3A2FBA25F40EF311849B8AAFD26D8869C8EAB2151E091B9503D25F38A21F63E9AC8C347629F16EC5A38C46FC012039B85D450CA7A832A1983DCC09F6291E3
                                                                                    Malicious:false
                                                                                    Preview:RI+a.L...b.....2*...YY../... .e..a.MR.)...*.B.|.=Sr..J.V.6!.....P..Y.......L..............g.........#.......Gc....u.8..7!.#ivd.'K.$[.p=.\.M....o`....W......(......Vp...a.F..`.k.$K..93._."`........@..w...%+.v..\.*.h.-.i.........&..4.X....l+X.0..|*".0...QS)q).~.............i.j..y...tX.~.[.PHAC..a<.T...R.....^..IT[@..B.!.>.X=G.Q2.%......@._%hi.$...y.>...]..YI......%".)hu.....~GL.E...>....o..S..S.3.;l...|.M.....T.kFh....Tf.....y..[.sIU.......I.@..[.)..LE...%.%....3....b2Q....k.3..G........F......8..(....K...J.q..%D=...Q....^.Si.2..[..M....%......k...4.BPN..^T.%8.<>z...I.DX..3...C[.A.....H..,:9'.B..R..I...f?$..Vk...7>)mV0-..N..e...Ie...#.C.-.....'.j.3.9D...|...p.../.....@r....C.T8.c>O.]....v.-.....@Z`R..rwU@...ZN...=N......4.pzm. .>./.........W.s.,......)O3.%../.B..z._ ..7S..P|.F.GW_...l........Rz+c..7..m.W..6.2....V.8.R(...O"=..9.$..-..9.k..et...C.....XI....i..Z..f...r..6i=...9......<.@.H....;..D......]B...e..A...*'...w[F...#.l...*..'..

                                                                                    C:\Users\user\Documents\BWETZDQDIB.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.817197424268591
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:C0LN76byUn0C6FmGsQgYu1//2KZd9xbH7O9J2IHNITyM1ei:Nw70C60GHuh/ldP772NIu0p
                                                                                    MD5:557D24EC381768A09A4A244763392BD2
                                                                                    SHA1:EEBFC04D08CE9E0B57FCF174E64600F0F6BA524D
                                                                                    SHA-256:625AA30BA0FC8C2BA80776166D53FCE111E40000C0DF9884C16BB460369A47EC
                                                                                    SHA-512:28841695CE4A83AC308238A8DFC4AA3B7C8FC350A18A2AD1329FCE071335973CE869DAC3B3F37E0EF23EDBCE49D26D512C96BF5D2784DD897FE020CC936D79B7
                                                                                    Malicious:false
                                                                                    Preview:#0./..:T..AR...YJ..c...... WQ..F..A{...*d{46...ZHX.2....0c.*{3Bco...8...%%.C...il...'R\7U.pmuw.!9-e...S....y..%..q!.....y....PC.:,}.J..g...j..d?.x.$.....]F.Ae>..BR...R....ou...3.. .W..........C.J.k.:.j.RGV.7.=c..V..K.....>........6.....A.ky.....N.R{...&k..9...0......d*.."t.......1...TC..g.()......7.wT\.v...t...[.{.u..}.......S3.BF....do.B.<:..3;...B.[Mz..Z@..S@.t..I..../...........b}1J...<.......(n.-.....8.... ..k.............../.-.....,.&.7p..2...n....RW.......f..5.=0w.=..OCm.....5..jZr....W .e....q(?......o....F..#...... ..)I.qw...}l..\W.xy.^d....`...~.bi.x5....J.j?.q.oH#.91,.it.U..../.'.....H...M?:.w...C.ZL..G.+.4...re.[;.!...1....-|.9...s..`...p....].u..7~....#.^{.}P7:.....>.vG.....7'e.W..o...S@,..lW..\t..g..T.{z.w<j3....L..<.....pg.!..K.V,|.......G.LB.x.......^..]..n......1.hN..;&.e].T-.....N`d&kV.;....az..y.d.U7Mt>dW.w.......}..K..S..>3.L.4.............%.}.1.r5:w.B.z*....r.*k.2vL}(...G...."..Q..tLw.C.{(...u....).Ne.....;.-...._.;..,.(.

                                                                                    C:\Users\user\Documents\BWETZDQDIB.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.83741624147074
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:5aTCDIJut2JeYc2uhus4eMLxUczWksOmg0kZZHqpWxKBp2xd1L:0AeusQrhkjtUc6jOmg0kKdpY
                                                                                    MD5:E7B81C1F3E0080B52E3FA4E2EA0289DD
                                                                                    SHA1:CC1814AF32C3B66647930DD571F69A186741A065
                                                                                    SHA-256:6825B729DD1C4FBAF9C6DACA1AB91DDE0404C04A0885B56CBD021BCC32B50247
                                                                                    SHA-512:CE4BDBC5AE16589995218C0E1AFC434A6D4B9BCCC0F97391DE2AAFB9E73F2AF0041A17152C21920FF10142A9249765D945D7498E86AD4C2480EBF24169852234
                                                                                    Malicious:false
                                                                                    Preview:qs..9..50{..7.4.......u..~...R/(.j.L.u.A...}_}......~.7....8.-s..p}.HL..Io......j[b..}..-.XW>....Q.9.....]....d........[S.d.+.n...k....6.....A.q.5..)LCg...y.HV.....T..e...z...T..v~...M%.........M&.6!..d.S.O..V.Y+I.....S_. .....W.@3O.7.w.........n,./...y.6.V.u.....G..>.c='..*..y.3.m....tMGS....ZAL&..r..34....f..NT_{".K....5ZH$../..}.[.....n.Fx...s)......-..val.&..c*......~`.I.....[~ii^,F>....$K."....M...%........A....V.s..<YHmF*...6.rQ.w.A`..K.....L__L..*0HneW$| e{.o.....#....f..p4.......i..zi.....S.)&.E....GI..=.'f...D.X..bH..y....yoy&.....'...MP.c3k..fW.h.....t".J.>6.6.ul.JG[R....DVz(.....g.../.....N.^!^d*h2g..tbGv.-.....h.F.>.?.V...~.....k.=%..'..'<.W)..rjg.+.@8FJ..C...|XJA.......m.O...6....B/k....0.....B...q..*..XZyi..<.71f<....5T.......c..-...G.......Kn.VZa...>J_,....C..FJ.||..5.{p...&i^@}/mPD5.*...W=....:.oih........5H..6.........>.A......x.N/c...7}...V....wd..R2q.G..{.k.Ys5;..~..... z...n_x....(>.C."6.W...:..........).Rv...

                                                                                    C:\Users\user\Documents\BWETZDQDIB.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.821007603647956
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:HE0jGL7lqoA5gR0luNn1K/V39O8zjDvDA368ZxtF7ZMqQsWZt7:k0qLYoDiu2NRTDkRtJZWsWX7
                                                                                    MD5:F9603DD6155CAED465BE5120D279363D
                                                                                    SHA1:F931AE5A3A2F5406122113A8680E95A930AD890A
                                                                                    SHA-256:6C3AAC9317D71EDEE842138BEE9CF3764B682BF7EA69DAE969AED6020661A305
                                                                                    SHA-512:01840A7A0EA27A0511C988FF553A7AEC231A925E6B81140B428E2CC9291EC75192398800C8408C244C38A1DC01832F7A74EC5F156578E0D0EDF7CFEA07BBFF87
                                                                                    Malicious:false
                                                                                    Preview:..^.&!..n..S.(.C..h.....<.U...5{.-..cr.V=..0..;`..a..(i........mX.<.j.D...'z.O.y|5.E.{...r...alm'OV.x0.G.\v....x.B....#-.f.O*./.p..M..<....i...5;.......k..q......;.~.C.|V.+...v....Uo+.c.E....*.J5...^~C..'...*..T.......e...m....K<2...c.)yFH..oCj.3wg.-...o.S..AqUk.w.|p.3..$...%3.!*..)...Y-c..m.,..Uq..`.~...a..c. ..W$.;.O..[.;._5|.....#k..i........:.... .w=.Y)....v..dZ....p >..<Uw.ia:(.X....|.&.....=R%R../I.PA..R......'_.K6Y....zC} .1.$p.n.f&z<C..?.]z...(..>..Yn.[..qe...y......x............(t..N....I.j...y.......bU^..O...........]..-....c.q@.g....4t..M].?...5.m4...9...D..(n{.o..V/-..j...$._.g ..b...U..A.c..#..tp.*..Sv{.{..d...e.@.....t..*.....1J}9dm..6v.}.........'..g..e_B..O.jm+'.D..Z...:d.@{V.....O........9..........Q.7.P.p.m.!9Fqo.4..0..O...0Yw...0..~@..M.9kz.8s..u-..G<.m]...!..{..........-fm.@].Z.e'.......EA.....bTf2...w}.b$}.=-.HB.....k9-OG..Hh1.8Bi.G|....K.^.W-....P'.{...o...*K.....C.N'...<.iW....BpFDb?..........

                                                                                    C:\Users\user\Documents\DUKNXICOZT.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.824629514629973
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:tmjPBoGXzt/9UtkWGkuVvotNwc8EV5mOvtfmgndJugQ:01JWGJsvVEOFfmgdAF
                                                                                    MD5:B781BC64184ECE5424A416843FD200B9
                                                                                    SHA1:D3B626972DA4FD5907C33472BA14AA5E099789E6
                                                                                    SHA-256:A12F37E254883CA42395C0EBC3FA0BF3195CE952EBDEBF26BD80891D9ACC3D2F
                                                                                    SHA-512:9D6F312C4207282ECD1F4D5864613876013F05E0E16B0F1A8832BBE30C850262C62571A357160483E87562F09BC9439940975A76AA81E2B12666FD5DF52A7A2B
                                                                                    Malicious:false
                                                                                    Preview:...i^.......././].%<.`...yw6>.ui.%'#.#.'Y_.....F......#=^.......C....D.V..mR..K.hz........@....#)....p...3....Z.N.....W....P.%...h..^e.!....%.....fp...D.^g.s*.....;1:yQ..&5K}...Q.&4..g(...@l.N.F9.:........Q|b.5-.....sr.w.....f.&.7..f.D.../8R.......y...o..P...&%....)..EK7.>.-d......Z..g..}mU......M.3..nF.B....(...YY7.......z.u.q .?..K..U.W.Ke.)hd.j.V.....r..+..V...Q.?.1.....'..sTtm.......B.cE.|......iX.4Q.&k.O<.$o.qnv`6E.*..AlC....1.'g(q..RO.m{.2^?4.)z.r....w#.Q+|./..%..rJ.e.)...........q....R;.;.5.. ....S./).cF.....k...s.&...=...rJ.Ea..6Sp..*..j.T.........R..q..H..*@....'.H..............+...........|..../...h.."E\.....Lj.c.....7.7d....K ..&c4....4.u..<.......`..J.i........^.....T....V9..S.%.D.6.2W..8.^..h.F<G.!3.o3..\...&..' .p.!..NKl...N...9r9..$).p.NtgB({pkhH........./F..RJ.U!J....GEB...[.r>k.$...U..GbL.....=.....b....`.......h....c_..y[....9v.A...~......~}.hQ....?[s..H..N.....#..n.\\.....4.Z...!..}...^......o.W'....$.MFTn.....,.%.

                                                                                    C:\Users\user\Documents\DWTHNHNNJB.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.771905423250493
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:tkfvdiLPAHwxMLGpoG7lep3F8dC1Puu3m1IROnylBqj:tkfooQxM07MpSMW2m1INlK
                                                                                    MD5:F76677179AC419ACB5441D4CEE8E3112
                                                                                    SHA1:34CF97F13D99F3B22450577ABF1C5E7D7430DC00
                                                                                    SHA-256:1A52B99EAF5854246991F5428B9CFE3556D4C85666BD5B74846A50197DBE4957
                                                                                    SHA-512:6B5A4F9673956B8A99E6E8401661A06AE37D8FE8815C9017E8242D6331C0CE532ECFD2790C4CDD89B5F0FF80876882EA4AA91BB5BBE7F22464D78F9B80F95C74
                                                                                    Malicious:false
                                                                                    Preview:..M.C........]..y.L.el&6)@...W...d...w.&..:.......F...}.||%..W..UU@b...z..?.D...&.N..zrA..x.!.q.x..:....n...iZN.o.>..z=..l.'.yO..>.+:C*.n...Xl.[.....9...D.R...v.)4"L.%..P...9WB?;.u|1.2L...M;>#;.+0...N...3%..Kf..z.#!vR..<m4..i.ZS..M.i.E.....w.....C.`.{....T......v..h...).+V..)l..G'*p...P...o...;...[........r..........y..Xu.h.6L..5..[g$.....u.D...1m.D.Z&....B?(......h...M1.......}..Zg..=....T...{....}..S./...y...S9;F{.Hl.r/...E..xPc..9.!7.....n..y.J ....8.L.'?...k..:aye]?...}..{-q.ZA.3i...y.7.M..|...N.'..nU..v.....g.....,U5.......9eU..D.y.|7@...+......{.v......./g+.....t...P.x'=1s2$.!.<....x..*edZ....E.. .ya.C.Q....]=........-.\H.....=..|p^.....6./.c..0^...yy$m..{......Fs.m..[9.I..5..]vW.-&..:..4......"<R..O6e...k.*......5.{.z..%gA........E...O..@..7.. .#....9Gc.w;KL.>...L.'..U......+.... ..?].E..X.....9.t.&.......c...srl.5&%....L..$.Kz.I...J.....[.R8......].1;.......QF.9.!..W....{G+...Y..%.7...N....R.#.....t.).p.............d.}E.}..i.

                                                                                    C:\Users\user\Documents\FAAGWHBVUU.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.783932620121023
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:vEmcCfIj7+HmdMv3VrqP4kpJFAGrDtSXIjA9AE:bvG7+wY3V+PPMXIjA2E
                                                                                    MD5:887ADA63157F9C5113BDE93F2DE7C26D
                                                                                    SHA1:DA0730BFAE3DF085B8218AE68B6C06109AF2AE99
                                                                                    SHA-256:50AECC7E3B39A9F7A94DC0846A06DD44948FE503AFFF65049A13CD88FC7B1762
                                                                                    SHA-512:FE3CFD7C89311DA7C93ECE5FA15D2B04D16A3B9780787FA28046F94C6F619A6624BA39488F2E92F1EE20FF12663D12CA42F36FF181FAD5307ED8498F7262B451
                                                                                    Malicious:false
                                                                                    Preview:)..P4.$.........)fRT:..C...._.......Y".U.]?E.U....kK^...]......u.2.)s..U)..3W...;.3.....l..;....%..|.9....t.8...w.......(.....=;.[4.4...W....(..t.N.E!....JI....d.c._\.V.....oLWv.#U.^.2.o.....;u!.M.@e......]IV!.......%....].4.du`v.P....).g.&......J.qiW..h!.....F.l...]...n].4.G.8..*.O....n..[PDNlH..1..]..O..S.d.WO.xL8{.0Y....]aG`.Y.....*.....A.."..b..1.V8.....-..!`^.Ns.x..c.......{Tq....B.3.l..6....S..'.(|.r.kD.].E....k....R |S......#.}.s........+.........1)..{..`.t...Ag...."`E..`.......^.I...`J..b8.c....(....,....$.}M.-@Q.I..~......0m....G..Z"...W..Y]X.,".S0$O..b.....j...f.T....MgbC'....^.-.....c"....8.E^.~..D...`........4..El..F...V...z..^.l.}2.......kDPi....s.G..z(1...o.j...EDI.[wf...5i.(...q.......Xw..P....d 6.E......x...l.U..Q.b.........d......+=..:gZ....J..s)03....3..C......%..QZ0..2.7AII>G.M[.K.F......0!c.%...g^..A....I>..t..=..E..k.\N..k.......T!.....U.C.h..P....M.^".V...\).!Z..i...OS...9A.-vG..........l.....7..i..*6....v.

                                                                                    C:\Users\user\Documents\FAAGWHBVUU.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:OpenPGP Secret Key
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.806458442170978
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:IoYfNkzfSIYA4zA8vbY62qXP7eI2YAir7u3E+RjAavsl3K:9Y1kzfBYAxV6HjezYACYEmrvs3K
                                                                                    MD5:55F132CC0F2E406345BDC254270018E7
                                                                                    SHA1:1637DA20A740AD41E270226A02D21C761149C5A9
                                                                                    SHA-256:4D0BC110BACE70DD4249785958B8842092604FD7901AD107F28AE480E84F8B13
                                                                                    SHA-512:5FA484FBD82988B7C03735485E8E2BD25F542814E92A82838013C751BC9F2551DCC17D934A3749D3379630ACD521A2183582DF9C786F04244E1518514F3EADA3
                                                                                    Malicious:false
                                                                                    Preview:..K`.....F..g..wk...1... ..l4.?l....R.t...H=.->K.y.._..c&.5d.GA...........wa.N."p;."....kM;....bN..._.. S.o<.0.H...'....b.x.y.P.F+GH(.^%....L.V.x.QC...W=.;B;V..o.....a........C...|..l.d;@..._p:=g.../....Z.eP..#.w...G\!O%.|!.7o.&Ft%.b...p...}...V#v.?...@.7.a....".....6..P.5m<.../.,...N.........%.k...Z...r).W`..{>-A*....v%fo.....jV..P,.y,.>)w ......... .@|..5."|I.Y}s@.L.f...# 2|...v}.......3.0]8..F3...U...q..5..o...B;...Tj..9..5.........I...... ;...5.~.y.F,tq.{~(.;fq.~.g..+d..F...1..&g.t....1....X......{o.h.4b.4x..j..:9Vg4......3E..g..ur.xIrxX.i....V|..5j.s{.^].2RE.B...|V..b....$....)...T.z..H`.4.....>W2e.m...e9w@.c...vO....~.$..V$n....E5...K..]O..W....l.4.....E..R%w]...^$....v*."....W_g_..q;r....Y.4v....M...?.....u.3d.....a.>6I....y^E..........V.P.:.7....F..2k.u....2.:x(....=...b.D.#.W*.\...........-.X.....d.....8.G.9.M .q.p...OkWy.F.W..b...m|....e@.../..t.2?h..v.....5..|....q.:.}qg.l.......<X...UN.k.:.........K.9..0D.6m5EE..iS.|.

                                                                                    C:\Users\user\Documents\FAAGWHBVUU.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.814628708585206
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:PufX59ExT+t1EMnEYkafJiwnxwyO04rPF9xphv4BAdUHSGMHdTUZKn8j5:G/5FnjJnBO04rPF9tvODud05
                                                                                    MD5:3FC2928AC6904A315C79A7200AC85D35
                                                                                    SHA1:6B6F061578739F9DD58D3FC73984DA97FB1771CE
                                                                                    SHA-256:E131DCC015067D94884851D596CA3BF7E52898DE05CA7EA16F375BEDB07BACD1
                                                                                    SHA-512:81BF43738FAD7FCBA0354ED6458AF97AAB5807098AF1B1B213D103B3544F22A5EEE177339D0A60AD86B59AA9C9D87CDB8F3841002187CABD759C48B852080103
                                                                                    Malicious:false
                                                                                    Preview:bN..R..9....P..]8.n.....J...3.....w'.Z.-2._..n...s.....@.*...S..f.#..W... ...6x_.mr,...3.w....h...TH.R.,.`.L...V.U..&..M.{.y./..e..$S....;.e.v..Vn.0..x8...9r.6..H(f?e...2.!6a....... .Tb....Tm7S[Y.M:.{]....@+...&.....w...n.P....plD:..f..5U.#..\}.f...=...]...l..8.S../. .....d.p........a....9eOg...bb.`...x.."{..W.6./W2{gS...z..tHZ....m.#!..*pUP....../7oC`.Tb..J..gq.[M%.1;....`.K..n..<3...cV.F..!...SM..p2=.".X.s.}e.ODtU..........`..o.^K.t,.. :c.....L.U...Z>..w]U..m....0X.....T.{..q...Q..X..'U3....S..BGs.Ys.....Ab..e....{..D.k..'....J.FV...kW!o..Tv>.......vi..=mkY..]nS.....I..'.S....v8...a7.*....z....x.c....w.l......u.Hux..r.>.$..jZ....IpF..`...ft.2.V.....A+I.O....b..N5t_...!H.$uzy..k.9v...Oi\\...-e.[.s$....v...J...;../,f!S=.....;......PAd.=.+.yO.a.~..P.5.B..E...R..V3...N...@a.../I.....pr....,;,....bQ.`.n..W.sL!... .)6fZ..>(-go.,.<4...&...5..}bS...P..jj..........iiSM..+..Q-.$..="Q3vt..6.,.pL...S..2^M.?....P..V...)..=[W.h......!4....F..

                                                                                    C:\Users\user\Documents\FAAGWHBVUU\FAAGWHBVUU.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.853412809706495
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:x4dWlEPRWGrC94WRTtd2PRM33MyB136wJvlj3gDSFTIF:QNWGrTWQMnPPNJ3g6U
                                                                                    MD5:4A3931529D8397365399BE7251482D7E
                                                                                    SHA1:93CED73F44D70A933BC998E885E32492D739C8A8
                                                                                    SHA-256:0AEEA4DE5AD6F76ADE41AAAEE0BAF671F0E586775D90E17DC4B6D9CB26177024
                                                                                    SHA-512:623F2361CAA0EA6040A3978AED0AF5287880AE831956143190250B19F62F7C0F6808C275CA6FD56C216AC5E590619B7CE608DFA99DC172FE281C22A977B7BE2C
                                                                                    Malicious:false
                                                                                    Preview:.WY>v+.<...:.D.f....yS..E.V r...9...<.....A.=.{-a../.o.. =..6._.M4..:.<..C.k].......wC'..$......4c<..........Q.A. O.3+9yB.6CZ#.......;P.,.j.M.A.G.l......p.0.../..]m.n .+mX'........75..X.,I..).......qgz.......>....T.j"...{a.jT...d%.......0R..o5|G...Y...d..2.@./@..|.{...G...T.W6..\..&G.d..[Sm...|*..>.a.}.5....lcZ...|1..._wL{.Ef ..s.3rTCF/...Y.....;V."u.8..1..a.A.8j..$..".y.'Tb.._.............Td.L....g.BB2.......1....H..RuDiHC..6......lE.:y.%q{b.Za.Te./..!..t..........%B..1..VJLe`.ys.8m...Z.~1...y..C{...;...0....?......~b.!...........x.z..H..3.k,a<n....>.....(....p.e.X.Bg&`.R ...?T2e..,+S.7.>:ev.%..H.p.b.o&K4>(.nf?.HUD...1..DxG..M.W18...XC.Y..@<....]d..w.$o......:=.....=..m......D(...=..6&.....^....*.z.K@.....G...+.X...+&$..g.M...v@......w0$...b....]s...)Ay...U...u.sS........O.v.+.ql...t`I,.....}.[...[.....-..+j.}I.H5..(%./N..D.*.*[....w_a9......[.........{?.G...$mo.............Z....6.;m.(.Y.7v...*...tN.:?.J E*.h....B.........3...a.V08.._(

                                                                                    C:\Users\user\Documents\FAAGWHBVUU\FGAWOVZUJP.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.812459557058135
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:BqYMlQyJVe0p/MhXF7W2UNJJXagt5dYLU0gFjWLFJA5sRi61nkKumaVrtWDCIG7C:DiQbG2UNnjLBPxgvRikk35WDCU+ZefK4
                                                                                    MD5:B6799B43565E90B137AAA914DF63112D
                                                                                    SHA1:495EAD48404B70120C9D27CF4CC95C9DDEF2A994
                                                                                    SHA-256:B4281140129890102439B33ED27052E1CE969ADF14D5F5274CBD5D12F479E38B
                                                                                    SHA-512:CC8012F3A51CB5644A5284F92B6BA991944AD449D6BE9A180B57290EF51BF8A353B69DEF6FDD0D35E3EC536B54CD903A04A5D33C7AEDD4021ACE217506D4B89F
                                                                                    Malicious:false
                                                                                    Preview:...8..3..M..Q.16.%F........*..}...?..?.~R..h...E....[..!#6.A..gs'....!.I..].j..S..B...........m...Hh....].C].L..#GN-....'U....q....yR....<....'.`."b....2...g.=}.h..n%&...gC..r.x..F.:.r.V.3.s..MN..]Z..o...B..'.g.Y.].t...sD.@..B.TI......P.M.o.{8.mA.55..J../...yj.!..2.p.#......k....A}Q;..3?..Y.F...F........B.=..;.).#w..r.....L{........d..I5.II$%v....^.:...hG....".6...8b.d,.Lp...i.b{|.....{.xO\vm.. .K.n.:4.D.1..,)M..I..=D....l...V..4a.....Z.g#... j.9...rT.o|.9L.N$...ep.h..de].>.[..`f9S.^.....sM...e.e.....S.$.SP.e...Z(UJ..k..-.....j.H..5.P.?.....t..y.KZ.....t.J.m....R....s.s8..=.k..Y9..U...;....?:U.^].w.,t...Y$...:.......'^...w.M9..`.FiQ....4.6.+..W...8$.p~.4.H....I..#.....is..7$.~, ........Z.........K...)H...|......H.h.....].=..].Y.eHe..v...O......K...6g....^.G.....e%.Kj.#...OZ..y..p...s...u.6.F.pG.=../.>..VJ<,.iO:xt..YU...&\-.CY,....+9..u....."6?K...%..W.M...n..........=...N........$.w(..b.V.S.>%... .<;l.*.*...*..3...V.~B..s..`;.}.a.#.n[i

                                                                                    C:\Users\user\Documents\FAAGWHBVUU\GJBHWQDROJ.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.817874142107808
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:EjN50PkwZ4WiDQ98TsqlyS4FjS2P+u7SDwnatfiTe1Xy3b9hv9:A63R9gLUFjNP+ESD3fiCK9h1
                                                                                    MD5:DAABCE2B80A8FCD7FF4EA91B7C141FC4
                                                                                    SHA1:F99591311E3C9DC605D2E72CCFB4F41B1FC55E3D
                                                                                    SHA-256:23FC8FEE3A988AB9271B90676D44FD1A48568063AD66844BA8050D7B32D48B70
                                                                                    SHA-512:CB0934E57145AABC5483D55545D9E717185AA1426C1C1E35C85C57BB8AA9D874F89BF28094CDDEB5ADB50D4F2CF05F671D1B4A47B669058970E7A823159CECEF
                                                                                    Malicious:false
                                                                                    Preview:@....W...L..Tm.....;.I.t4...N....L. .F.....?L.t....la.@....v.i.yI....:C......)...z9.Cz...E$.V...5...........AG........^...yG....i..../4D3]r..'..."...R.+.g.$..<.MM..oW...._^.S.?~.#.....$-v.......%....E....KR..T..d.....#....Q..XxK.B+e..t......}Q!~..n2......r..cC%+.U*J.......]..2.)?K\s..xI........P.i)...Z.)g.|O..t......tV..U.....F u\......q8..=......Y]4"kA#6..r...wv..D...@G...s.....CK./......IS..C.T(9$.>.h...`.;...!....%.dY..x.]....4Q...G3.I4..t;..d.......E+..Lwk.@se..l...b.^[3.7..}6s%6.4....t...p.,....UB......dz..:x..2.a.]....4.^?s~W..U.*./.\...^.~......!.c.i'Z..r...J.Xq.Q.....--..y|..d_.:.....G<.9.....8....H..|5..O.y.Y..8H..0". .=R..._E0.....f).&.`.I...!.....r.......... $.e.."A0...Cnx...?...?..PI....3<U0oD..t....H..)s........!.w..K.ADt.V..m.=..a..N.OM.V.N.X][G.~.....F..Af...*..........>.G.9`.b...uN0f.n...D0..n..D.....!...X...5H.a...0....[...@.e...3.N~LU;..8...Gj.~Z{. /.U.~....+....5~F.].kl..`.h.qY..g...|..e.Nqm..9.S...T.d+.V`.7]...n..5.<

                                                                                    C:\Users\user\Documents\FAAGWHBVUU\JJMNFRKQNU.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.82384174434819
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:XQTiYWlunluZ8q42M9u5h3BVUbeag+X+hmNMQx9ENw:MWIluOq4V9DbeagHhmFx9gw
                                                                                    MD5:CF1118CCA7E49D3D2BA260EDAB199E31
                                                                                    SHA1:E299C70118E61E6A03F01D6580861D3064C1273F
                                                                                    SHA-256:2008E9861C9F9564263D8B10CD407B950A82FD7898BF4416EF4018EB46504A2E
                                                                                    SHA-512:F8A1B7EDBDCCC31BB76B8D55FEE008E3691DD95FC4CCFFEC8B508972052446DE15ED9044D1DD6D0007FB78744A2AC092D500B37941E3A0A86915BFD5C9472015
                                                                                    Malicious:false
                                                                                    Preview:..a.+n................?p.......z...=D..O..Tg#.....A..lxb.d....k.....$.*....D..l.r,...o.....#.l..@...L_.=...7........WcZ...b^....j..v..O....&.N.0e..Rcc/....&..}L.....&.y.y.K....@BB..:]@..Jd..g....G.9;@;`.z.d{C.U.Yw...I8.A...9B .......@..y......W.#.yd...":=[<...q-....w.2Ds2..&#u9...&.ckR...{o...9..IH.....Un<H7..V)..]<[fF.5s`..a~.l....>..{.k0..#$...V..]_.H...c\|.}Mem........6*y.T.:..B..K..&.2.B?.q{...H...Y9...jL/...Y...H~P..q...B&..fGHG.7........N.@.U.M..s....<..+&..~.$..9.lJ....TS.....:.....}M.......{l..q...e)...%Yg.+....../.WH..*....p.s..Q..6..{...[.d...."'M....&1A.`..Q....+@h5..@ec.+..Q...^".H6..L...u.......M.C...~.%..7..y...g..)e|...Vf...Z.c.d...!.9BO.x.14,.*.w.L....).x.4n...<.3T.9.?.."=.0p..z....3.W.U.p&...{E....j.w.S...).3._.E...^Ji..I.[rh*\...T..<8.#.r...<,.. O....=....>.(.-...y.......+.....a..s..c<@[mb...zVG.:.,.....SwSS...D3>X.*/..w..o..t.k..A\].Au6..y..6a.......1c2...,..c.Yu.#...m.N...{....Z.,.V...a..U(...y...2\..e.v.)r?nj....O.O.....

                                                                                    C:\Users\user\Documents\FAAGWHBVUU\QLSSZNHVJI.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.835501564637883
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:Imr/gMQ9wAonyICvKpcF12oQzwxV+4cmRiBaVUrWZfHtCZdw:Imr/lQ9wJnyI+2og0g6+aVaWZfNuw
                                                                                    MD5:A00F087AF7557E35D06600D398C1D3B1
                                                                                    SHA1:FB12DC7BC4A0F4E87A5C1EF011B50EACA7701CCF
                                                                                    SHA-256:BB1A984D2C23CE5FFE1718151DE5AA5A76639E4B12352ADD82EB0B3A57085EA4
                                                                                    SHA-512:AF2A5059F6FB01B962647D07244F2FB36B3C4D4E7E07862BDA6A15F421EF72BEE072C2DD9B2A3BECF8FD2E1EE08606564C93CF3630FCD79D414B2506EB40BE5C
                                                                                    Malicious:false
                                                                                    Preview:M...i4.(Q....#..yW0c...F.O.t..q.....n..1I....d..AMe\q.".:.....Q...f.........I.B.F...?...Z.5........CSk.A..[..............2.,..Bi.v.m.......*?.c.Xk.c......#..K..{.jL9.C."a.ruT9....y...Ew.m3.B...zx@.n...#.....*h..m...,N....W...90r.....e...Y.{..(eT...\i)..V...v.............Y...M.g.l.a...(.W.\..:{....Io.XF..:....A.ggh.R..04..Z~...P].G%..,:......2k^..J76T*<...R..........1....P.-9.0<e]...e..`.....Z....b>.?.....X...G>...-.]s.?._....2..8.2.N.@...'...e.....[......B...::.x....$b/....l..}.b..O.........8q=...-...a.'...A..p..@I.I..0..%.?..t..R"e..~Xy&.....Y...7\..j|.}...H...N..p.^..G..iO..TK5........nW..r>~OsUI.$x..RU....JHo.tR~.y..C.......+.5.f..4C"Y,...G....6...QPX..L..MP.b....X.;q..4Mh....^Y.^<.+@...?]k....W..L.e.zz.......8w..|.....>e.S..up....~X....D.s......}:|@n......@(...f..dI\.\...Qw...RB..Z.' M.z....../b{.6...Z..4a.F..q..._%........8...,.....-..O.=....S.a.....,....F.si..:.......[1.X...1K.._...O..."N.~..!..Kd}.Q[Ty...{xU...t..\.{...*`..../&1)TE

                                                                                    C:\Users\user\Documents\FAAGWHBVUU\ZUYYDJDFVF.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.810288412903073
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:O+8l0w/w2ko0fQ/K4wIOOldmTiNJI0j3VOEM9ouB6eHBO90:O+8jw2F0f+K453lHbVrfudHm0
                                                                                    MD5:E90FF092E54F95875DC3ACA746793A7D
                                                                                    SHA1:0F038A85DB42C6B9840553161D2DF1AF40A2021F
                                                                                    SHA-256:F7CBA62A6E7242604AD47B1A832C0B46A6F81D044742C74B8BC85254076AE00F
                                                                                    SHA-512:54B44FE2873AADCCB3B4C1BD7D19817129891E5F5B89AF5F9C3FB04F090CA6D0A67F8634AC72CAEAE2C47353CAC88B20777B95462E3198C1EF43087351AA9E90
                                                                                    Malicious:false
                                                                                    Preview:...W!......d...3|.&9.).Wk.H.t.w.oML.~.Bq...U.w.a..e.>.?$..$..NzP&q.y..m7$.....E..1..{..$.N'..q....n;lh...y..V'$|V.../p..Oc....R.}..b....?.P....^Q*..y..o...h.....P.O...}..Q.W......".w..=...)*"Pj......XQC.e..c.,..~.(Z..3 jO..........'R.=.Yn.S...d=XH..ov..".e.....}.&..X.h.]../...;.m.X....knc...LO|S.2.#.}.i*.:.......5...^]..U........{m.;..4...Z.,..........0>.>du..Z..k.h..Z...A....Q(... ...vB..}.h.\.A.L.........w..Z...aI...d.......{.rk0.@.s....^.<Q....h1.G8..a..........o.........m@.2a....g.U_....:..5/....+.6%.f..a..^...O.^.t.w..iU...8......)...D[..S.....,>...%i....".........K.&.vt#.H.2J......8W(...=(8.-;.F3.h.u.~^.:L.h/.@A..M..S3.....B.R..._s.B...Bj.P< ...M.&...#.....F..h.w..j..@.>.....>..PUQ....ilK.!n..-.(.|p... .a.fy....#7`n.h.^...A.\..u.~.u..AA.E.......cB.e....8...~g>...\i....~B.....$...n.D...n..,....vq.H`6>i...........W..q....OSC.............@....U.SF.........S....&....X..o|d.......$!.i.].%TCY......3..@?.;$'...[...?a=2/ss..d....VX?x.Uw.ki.

                                                                                    C:\Users\user\Documents\FGAWOVZUJP.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.824871304038093
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:bHqpemisPTmgEYf2v0w4EY+tKgqJiV/IJiJYEjIIVZ/i:bHEexemgXf2v34hYKc+5Kri
                                                                                    MD5:A33EC8C7EF204C60AC728C3E0D0F13F9
                                                                                    SHA1:79B9D615155B17AA34F69FAB9D5CFDE741969262
                                                                                    SHA-256:3CEF1273820C3251EFB54E8D43627E55BBE8C2D3546DA977859E5F47899DD1F4
                                                                                    SHA-512:4663E8CB28270AD0DEE809EF0810089F656332AC1C8A63A27B013AD5A86958B90FC858BFB69917CA86E7CFC19FDB7CA3C9CB8FE7703106438C552195FCF73EBC
                                                                                    Malicious:false
                                                                                    Preview:...U}...R.L....1U..um..3......Q..}2..Q.e...5^.....vX<.....q@..{nD.U..8....!...R]...2.ye?......<......;v...K..I.2qU.....%.`..2.Y..4.Z.wr...Y.{.u[.......I....Yd..=,....%g...."pW.R..,.].U...k].....A..{t....3HY.<.d.......".R.`t..+mp=x!H..\.acO.r.E..1B.[.JM..1.....V.4.Rq~E..=....B.&..C7..L.2......M..@.ZN.f..!.....}@1.].[YYa.._G.V.Y..a9......2..M-..Ry `=E..R.|.$.~.p.q#..*...ds..Q5qGsD...H...Ex..#..?Vz.....yt.:....*7.4-.....\.`=u..1F....e%.j.?E@d..w......8Yy..6~.......n....v0..K.N...Qdmo......n'...l)k...t.8.....#).[.k..b.B..-..[.p+,...c..a.$/..S.gG?.C.. .>...J3..D.......8....N.m(......`Lm..p...JY..R.b.1.....(....i.DD.....>.d.....>.U.O..Wl3h..r.....i........_.>..Y$I.F..n.."a)5.O...:...>.f=..:...y...r..5.a.,.)...@.gizp..{>.....4..-h..mJ@..%....1!(.Yf{.RR.Ud..O....@.0&..{..J..y.. .9UcxWR,([.$~.`..<....lF.+.9c.Fy.s..2..#.fww..).......T/...9.W..R.=_.y..S...k'..C..|'e..k^....z.S.......$....:.)g.z.,@.TU......L2..\X.(.HH....Z...(HW...zz...N.y.....05{

                                                                                    C:\Users\user\Documents\GJBHWQDROJ.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.803689375327925
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:KVCZ6yT30lFa0I4qNphsOkNWJcHLRwmEmDGb5FvS79rD7f1PqeKDSW:Ut+4Fa0nqNpi9l/96DSprD7f1PfKOW
                                                                                    MD5:AE90E980899E09BB4B1F13625C877B81
                                                                                    SHA1:4CB17A532E4AEE02F5BDA9E2E6902F90219A722E
                                                                                    SHA-256:8FC58DE8FE61B95B0D7AE302CFAF4C0C98C5FD28522780732792D1B48DFE6FDC
                                                                                    SHA-512:EBC453DB10AB6D53B2E606A185DCC988A291EFF870FDF779ECC6C7AA7E893C6C15627F31D37A553588B8592630053784190887EC2900FE74B70439833C0E996C
                                                                                    Malicious:false
                                                                                    Preview:rR.,$*...8.9.6.z...R..A...G.t......[.{.-.eA#..\..x......^@..:.e.OG.pC...+.4A...pMo...Z."X.....:U...#....h..c..,.U.g[.#d......2.d..m..18..[..K...r.^.`k...N3.....TxJ'...J.*.~..,......1."*...G...~`...0sKUJ?LZ.eX......Q..q.....d.......<.* .o....nX...9...<..Q.o=... .Qh.2.&3).....S..c.a. .)....wK.k.F^....-.1;w.+..c.e.I...l...!..a.KW-...R.*..........nh.$mT.I1...l..g.H6B.K..Kg.`...)O...6..%"......&Bg2.:.xAb.a.'.C}../FJ.....w@....PT...l7.Q!eI;b.N2.ef.....=....{~c.J.3.U...y..........%j.?.^M...n..s.,.....7.....v7E*.g.26..#.....3W....5..]..s...0.R..(..y...p.g%$.n.....k=.....o.g.t.J.l.3..2...&..)%C.2..'0..r....S..>....r.X..P.8.;.&.Z.5.............Tb.{.6jG8$.2W...P9.].^.....}."<_.........b.6.+.I....3.n.6..H....g._iO.P.......x.F....Wa..W..W...dM../*...z.O.........h.....Nq.n......s0.h7.u...M!..'.C.4...7....1.wF.j.9..A.r.t...k..\.a.#..:H...v=..Z....d...[.{^...@./.Y...7gkw}d.hh\.Oi......=.....`....j.,.G/f....k...P.....M...)X.....f.N3N...{^

                                                                                    C:\Users\user\Documents\GJBHWQDROJ.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.804636615442379
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:ElSGEKcsBn5eTt125W13T9zFiBBt87lYLIFJmA9j+vZ64NEp:El8MB5eZ125UhzFsBvLIvp10Z64N2
                                                                                    MD5:52B1857ACD60C474E680E7EF48FCB908
                                                                                    SHA1:B4F108E9DF2376F102D07414226A392727455E1A
                                                                                    SHA-256:6905E43632377E6EC41C0E16A97D2D7AE8C2B15B0F56870BEF36A59C848F9D41
                                                                                    SHA-512:A9D2E9CA2C343315F8F4D68CBF1501D99237704A6F2792865279D3C8F4BE4ECE6C72724E29413C338038F65BD86538C8DB045210F8C27D662185B40F7A2EC31A
                                                                                    Malicious:false
                                                                                    Preview:Z.f...e.....kI.\..... o..CO.[b.c....J.@pq.%.v...A......q.1...,T.=...M..h.J.+..g..2$|.s.Z.....qQ...&./".M.1.+..I@..+.H.....^....3..- .%/%..)H......0v.....k.....%B..fW8...X.]..E.Lk!$.i...qtP......N..I...>.......P.8....-=../I.'..p..E....%:\@...NEi..G4...g.{;.i*.-{...f.\.8...f.k..U..E..W./.2w./.Z.>.. ......j".......9.V_....{.....`.......mel..x.002.G..........>..F..X..X.gc..G..O..._..lF.._.]...kd.YU8G..y?t.....g.xq......W.....R..*...{...b...9..6V..\...]}+nY2..^.....t.......>Y.. dg....^..4...Y5~..~X..B....{..zz..^...-.UW%....I6.2E2e&.....`...K.....4..wo.....K@..:.....@Xk..X..6X.>}...F.......{.q.xP....-0..9....sW.3.-3.9.d.4.:6.g{A.../.?@@./......0r...Iw..5;..Q&.....5.0`.U.xi......:...[.|D..K.s&eE4.QPg..&....9.*.C....."........3.7.?Q#.@.-......K.ao.p.t..Z..}..N..D.M..X"e.G..}...`.........d!.|I#.........^.B....`.......Q'.r.Y.I..y9.E....!..:2p.{..t...".#F:ba.e3....".`\M5..u...:A*.S..z$.=.:).>.wo7.....e..q=.i.[.r.Q.)......|K...d.....F....X'...&..8

                                                                                    C:\Users\user\Documents\JJMNFRKQNU.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.822649517986049
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:Otu3wvRHJnOtmUK9Yjr7Gnx1m/QL/0RacBOB:dALOttWCqx1m4L0E
                                                                                    MD5:DA237E0234E37A1F9C6D0EB07E76E760
                                                                                    SHA1:C73EEA10CC98FA5A5E750AB6A0B4329A0E431125
                                                                                    SHA-256:B35445490C8FA966A680BD77BE13D6735B680C2B2887AB1C92A7975F54AE4EEE
                                                                                    SHA-512:0CDEB247ACAE227FA701F981884483D9C65EB0E7B8DA3FA6FE9275678345C83AA8FFF96DD9FB862DFF18BF39A7836BC5632F9FF785B54E664E7858D73F7FBBD9
                                                                                    Malicious:false
                                                                                    Preview:..w. .....$.G.c.".d.[....q..}..6....j:..j....F.....eu.)L}Z.&.M..>1........]2.dq.......$...\.W.+....x.M...+.k9z.h...........{t.....v}.z.h.=TLi.s..d$.F.P....)OM....>.*..y..f......YI..-....Y..l[Q.-.r.s+....#..z.!.&.....c..Yfs...VW.....6t` .F.+$0.8.Q.dO....B.et|8.}[H8kDL5.^.@.A.s._........y`f...u)..rf../2g+..U...!R.....^....vo^.X.........aD;._.....5L.F..$..[Y.h...K...q..3.-.......?.$.s.=.~c....&.@...l..!.....*..I:.....O...|A.=.U..V..i~.CC2...I^.Y.g.T...6.E.U..0...A.c.......8W...3...s....'f.........H......rc....2....Q....21.[Y....b.e/r.g..D._u^..[.,.).)..(T...],..1."h...Q...e..8.Up.&...m...{.6I.AO..<.r.."....o..|...4g..eC..W.E".."...~{.*.>....Az6L..}..W....:...+..k.iw.....f.z&,.Ys.x.pB;..S....eh.x.S..\[....*V......vqm.;..Ve}.....^,....q.\..c.X.e*Gt....0..l'..Q...u.N8..........Q...$L.....B.1.D..[.s.d6..*.2./....-.|..V...#....^.....LvVS.^].;4..R.8`...{bZ0` ...z>.?Y.P...kk4V....R...<..@.....WX.K<..n{Y,..R/..L.....<..T...Y..d...E....9A^x..\

                                                                                    C:\Users\user\Documents\MOCYNWGDZO.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.835930162777163
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:MFXqa+htgZ+0o2hHYAdVFr6i/4fuJBHgIQBHQkacn:Ef+htqr71FVFrKIHEHQkacn
                                                                                    MD5:7CEBE1731227C7156EA67D35CF9D817C
                                                                                    SHA1:77B05A26D3CA4730532A21D7D62946ECDC2CE792
                                                                                    SHA-256:531CBAA06B6384737CC87D56F196E6010F782F88B51CC3568247321795291405
                                                                                    SHA-512:B14D08CCDB46277772D3A7F2751E6C1E753BBEE3A3D2F9EEA61DA7DDB7F0625F7367CA3F9D7E4DC06E5125132A35FFC20EEF175BD0E930EED86279EBE99D7A52
                                                                                    Malicious:false
                                                                                    Preview:..`..K..x(=Q....XA.SQ#...0 1f.....C9.....R#8&.A/.Gi.ehW_...N.h.Mm..W.............!M...&]|......0.bp.=a.w.@.R.@L.[..6+.....t...[.O.n..._.8^.....|4X"....._CC.T..o.R........r...!~.i$.5.KV/.....S...BN.....S..i......}...*.K.8..%.=G..|P.CzD...*..g....?..l.v......8.#...:....?ZZBp..."4...E.%.....Z...2".2@-..f!.*.....U..$L.....S...i..7a...-g`.,.n^ev55.Y.b..tt.....;.......2.;.3W...q@@Z...s(~...0YF...{.*...D.y.mj~.00'9)..OY..^..3R@..q..|l%W.....<..+].t.... ...l..f.I...i..I..N(.bSV.$7D;..ZP..[u...(.~8.L.....F..}.J`.t..@gT....[.m.e.~hc.u...}!.P-...-.?....;.84.......GH......r.x...#.j....R=z..*.e..$..S...>.{.9...)c......dK.S..k.+...S......z.L...J..|.).:.b N^.H[]:...p.;...............C..).6X;@.J.....(Z..+..g*...\.<..p.M.;y..Ba....^..D.WB....(...,F9...]....b..n_Ai;......m8..A...jp8.....@.z0.u..Q~...*....C.. .......*6.mv..KQM[..w0..[.aBd..3.;=5.......md...M4..^..j...z1` :Db0'...-....$..Hm..8..G.....n.X...h....wh:."C.3p...i..m...3a..8i...I{.(.@1.

                                                                                    C:\Users\user\Documents\QLSSZNHVJI.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.806386769454806
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:U71Ep03jocBPxaTRIgIW1B6bXI7XyCVHd1OK8v2URdmi8Q:iu0TlRxaNIGSjI2AD8vR3mi8Q
                                                                                    MD5:ED8432EAC48DDAB98EEF83F52B5DB554
                                                                                    SHA1:74AAB3A95DFCA7411A7F0605BF25F5E03B7FC692
                                                                                    SHA-256:5AE3190509869083225C6690E98F03404706C4F13258FC862CD3987D86432399
                                                                                    SHA-512:30FF039C4FCEBCBD40081284B066F4FEB9AF6A605B6E4A4C83864B9349DD6ACD3C9B592B7F3B5ED7F15F09BBA9B6E947EE697C3C6B0E77221975B47CE1479432
                                                                                    Malicious:false
                                                                                    Preview:2.w..K7%...q...{._{.c.n|:RE..m77........0..I.....0..0uc......O...=..AE.h..I........G.... ...z..k....=U..45....P.Q~...VnBG.E.....Z._..}..V...>......t.3.,b.;..p.A..X.'UY.....g(.....=.1.i.......r. ...\..\t.Q..2..+.c.;.z...P..|.]...t....@.y4.|..........f@C.X..O.l. .^f]|......F...q.<....6..u!=.9......Rb....D..|..7"f.......H.>.+.y....6Y...`8i.%....gxf..7j..~2..Rm8'C.=.L.....9..%.....4].V.Sk.0.Wv..wY.qx.a.SvqF.Hd.{..7}Z..o.uT.O.......$.....B.z@H.<4.\..,.V..D.....y.U!&*.O... .r..).m.-.*b...l;v.q.@....\..t.RT.}....:d+.h..N]......|9....H.0.jC{..6Z......SP8b.f...5.;...0..?.8.<..K...7.?)*q.Uv.Dz.a..?t.t@..........Y...oZ.2.t..4.a...H0.B...D.o..C..EX.ClJQX..on.9O...`>.!.8.@T9.0b..9...5O...S.....U.M3&..q....w.q.t.`...W....Q..&@3........W..m9.*.m+y..W.L..Z..@G......;..FF...gm.../.m;.+..tx.......O.4.>.u....A..........2>H..._.`....A.....ej...f.\........P.5^..tb.w..'.&fTF.Vd.Kf."....+..}.,.Y....T.#.N.%.vA.'......j....`>..i..s...xJK#..}.J.c.. ..N.Y].}(..`..aV.

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.812630164216502
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:48MeGb3r4reogxSAjeFr4kl7LMqq515TLxRokEw8FmG:QNb3GeoPEe9p5LMqq51xL1tA
                                                                                    MD5:08677F7ADF6833F395A10DEBAC9F2818
                                                                                    SHA1:46842EE8445EA62F3D3C6F36FEAF060A0B5EE511
                                                                                    SHA-256:749FC4BC28FE44598D420603F9C13FCB2820A5B1A1DAE90018F9D66A156E78D1
                                                                                    SHA-512:991688252B4F1AE9404ECECD2B3A68C9CC2D73146FCCE7B203FD630DDEC38D396AAA5509C7355A4FF5C673DD9B4C6CC7E2198B7188B7002A972FDAF20C782E53
                                                                                    Malicious:false
                                                                                    Preview:....D.F....H...~w.u.).1.3.}...../..K.... ..e....i...gvl..,.k.|.m...&.+..n...%..- ....R.f....7...'.Y.{.gX.k..(...>I"Sd...i.?]..4El..tn.9.p%.\.8d.zM=x...`..wO..'t.Jf...3#..Te.T.Zx7..|xh..-VT.v...x...GkS.{k.4.k#1...w.V.W.8..Y.j..cpW!...QA..|.t.....!:~..W.Ax.4.e...p......m9.....&.C=.H*....\.-....Lh..U.IUj.T...q..k.T..3jg.&#."GD0.r..q ....o.za.}Jv..........2..G..{k.....y.R.'.S$hmb}..o..5.....0[.L..'....C.%...RCwr.^n..H._.~.y![%0(...wU<..FQ...&lB....Kiq!..3p..._CY2.tw7.:I..r.........?e....e..".97.N@H](*..Qr.{..=.M...up..r......a.&..M.Kb.+.eE.r.A........(..?..E..M.......a.;Zo.<.E6...EO...ILv....U.L......Ld..v..!.&.v...Y..g.ae.5.S&}..;.........).Rr.T.k...fE.%.^.9........^..9.u...c.v...A^.z..%.x.8...;..*...h..9H~.t...10%6.Y ..........I....T....WLj}..!....I.UM..o5......A.Jc3yZ>.x....U:....!.....Ab.0>.>......w..N-.h....~Fq.S?=...e&x...q...s.v|?{../..|..E...:......v" 7'..c. W.([B.C...*./..H..c.w...`...2.. ....}....X...|..@.LX....[=._.!.(j...90{.'.:.1.>...Y..

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.793521267695648
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:SEVA8Logt2nN/czg2GHVQK3BnntRIziG8b:SExLogAnSzg2AB3BtRlG8b
                                                                                    MD5:FEA99D82F7FE16F64FBC411E37744B30
                                                                                    SHA1:3B2E0FE51281A29B076BBFB217B885BF469F5DAD
                                                                                    SHA-256:1A3A054595315D6186B03855444149EE77741EE974E1517D3B52C8A68D788C8E
                                                                                    SHA-512:8BB5B66294DC52F03E39EA37DCE8D3404B06747AA890D1D0F639DA11A927191CF55AB8936652DE45386C4D4EB68E4C6F103A79C5EDB1991C7748478941461C66
                                                                                    Malicious:false
                                                                                    Preview:.^.<.....c.........B..4.<Y._.k....BS_oE}GK.f|...... ....Z.Te...Z.....B.v.9.k.M.W.j.......3L7.....Ecg..0`.[..z!i..M{.....ce.a"..Ez..I....zf....N..9W.3...?y.....!L..j.2...ID.SP...[...L|.....?.s.`L....Q.....%-..!.@..\s....I.Y.M/.....F.....e.k...gT...u(.v.G.52..b.[.^..$.5..i@.....d.MX.$SG...Kb..p4_|..YMJYi..>...(x..4..A.....L....K2.....X..[^....H4..B1H..'a...]\..l.N...>M..f{.^......u.$;~.p...2......pX..z..4@.d.*..&..VT...g#2...[x.d(X%l/.e7....f.L!1`.G....6....[q..O.\T..U...<.N.r..p..m......+...z7.j..<.z...]..}.}4........D3jVb......I....E..'..FhW....\.c..o....(..K.OZ3...9 .......@..k.....4i....Fcx+F,Lz...O..c.J......}.4......!..J.bHXE..H.v...y..)...x......e.}.9~>.0~....m...y_./..F...L....H..oU.q.Y...d...-..sWJ......[...XN<.O..(........OMw.T..3....j..e..|....uV......6M..GV:.{...b...5|'...,+.....n..wMM..G....L.....to..........p............X]Uuo./.......7=..C.Y.(...$n.f.[8.._}.?NS.G.g..=...]....h..-ME.....O.!..J..B[&..O...O.N#.T^3h(.*2I

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ\BWETZDQDIB.xlsx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.805173355340297
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:CaBoYmb4NL4jiJnaSbyDqH7fo/+uUHHMLVUHxCW4CPJ:dB6kDNaSSqH7fo/+upUHxTJ
                                                                                    MD5:6279FCB725D8C853A757979406E0617D
                                                                                    SHA1:B0952C11925573DF8B391C791227EA6F1BBBD308
                                                                                    SHA-256:E2F7E846FDF1B81C90C887D0D6ECB1CA3E5C2A5B32E3BA02B642BBE1748CA5A3
                                                                                    SHA-512:83E3B0F19D782888FEDD7D29037217F78CD4BBE00E523E3B4CA71A9AD69B86AC0713A1393BD7A4530BDF26DDC72E6615381B257B80E3440201EA179DB26B0BA1
                                                                                    Malicious:false
                                                                                    Preview:.q.T.T6.ZcM.!..^x~.3~......u.kOPk...G.Yp8.+,.4.......p....!.Nv.. ..!.E.0.kl&...;!.}:..1..p..Z#D.....k...^...n.......U../4[.7.\wb`..9...7....1Q..!F.1..E.~.6...Z.^..{..>.......Rs....$....p.@....8.2.I0N.7ku..Q9.^*f8l[..+$....#.....ce^.3..A9.o$.O..'.U68_.p..7..........3^a-5....,8.:......T.:...C.L.8.U....{.Q7m-.W.t.\3..Iz!0*.~....m.m..2..1....%Z<.....S....b...-....-....A).##r".....m`......R.N........|.....,K*%..$..&[.\2Y.+..3....0.R......:..8am......SiQ..h..#b.....w...Q>p...b3.<...#.....r.l..bOF..:.h.Di.W..V....vg.../sL....8&.xC.uY.^.%.O.F.f.)=..l.....e.....o.."n]..r ..|A...aI:..8....6^i....i.\.a/...4...m.v.Qn...W....Ah......?7..s..!...Y...X..9t%....C.#.g.....hx%Q...]...r..o..U.h.!...&...w;..{.DHZt..%......Q.....iz .8.?.X.*... ^.".Q..].OPF~R.. ...../.r......RHy.T.=^.d}.@..>.;.........,u.&...O....{....t.-..P...%u+.....:.rx.....1....f..?a.......0F@./.4.UeW...3.....<.u+........K.....k.\.9.+..fj...".x...9.._/....l1....S ,.U_A&\ .X.5:

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ\DUKNXICOZT.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.84054617734976
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:cM1LtEIzMcGCCCSZJaIrLx2i5uK8QOXeB70OSd3M1d+USh6xhA:N1bz7GrZJfwi5uKlOVd3yd+USL
                                                                                    MD5:2D27F9E698CF3FB235A2671B8B5BFB5C
                                                                                    SHA1:E77BFC8C3EDF04A0494CE053E29EE0690D8636E9
                                                                                    SHA-256:A86B51CA35521C1AFD4D695937B73878CD11B925B18B50FE609E7A4EB3701401
                                                                                    SHA-512:F1CD2A8C06F91002926678F0F1C4A6E230BC235951BC1CB76ADFA86F1A7530445F8FF0B01237E8EF6F70F05FF92CFB73F56C28707CAE40E5937FB7DAE94D7F17
                                                                                    Malicious:false
                                                                                    Preview:...-.........ZMoo...!S...I%o..(...MMv.J[..a.:|.l..A.....Z2f.u....."..."..u.....vh;...../..\.f.Lt.......J.T.)E.c.4.bg...{...C).D............F.U[^...{{...@.yHG.6....U...........f..7...,.B.^|E.[....'h.).y,b.}.Sr..^....t..:..V*........u...{l..66..N...]Z.;.n#6...3./Y......e.Zj..T..tXO9..D....;p...^....[.G..C*.)...);.a..F....O.... ].,.. ...~.`.89o.43.x.o.......1.'O.kOz. .}4.VA..&......%.}..........UPs/..}.R.$.B@..B.].....v..'W;.sW....1)...W.[..y8.q......'".v........k.....E.^..2.G&..-M8a...jH.'..i...u..j............K!>......v..g...MQ.....e....i.............[...u...1...4..(........$....Q....87m..z........b.X.....6......!.XBt..A...Z.w....A...:....Y6....b*...Mg..*B...=....b...H.&.:Q..C.{..F.&}...a..h..z.....\..(.=..1.3p.6..X4...@.Di....l.T%.....r.&.6.S....5..L..UC.d.n,..;..B...\qGa@.je......R..]....Y.Fa..J,.V..P..x..4[0...S)ZW.I.../.P..F.....|..t..J...t......C...P...........a.1..@..d..^.+..HX..\d8w5cj.oC*e[.%h..6.^8<pCD..c.k.d..6t.....HC../x..3.5..

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ\DWTHNHNNJB.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.807693800553399
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:N85FGp71bLvKZo/lLuOB2OcuijoWMKXE9RPIJZCNlF45eiRp0hcn:OFGjXCK9yQojRLXE4Xio9rn
                                                                                    MD5:7594A135465DD73033B39ED957FC272F
                                                                                    SHA1:80C473E7D94E1955BAC941F491662CA7863F2CE1
                                                                                    SHA-256:36F3342793ED7421DA3D093687EABDF13A019BEE2CBC00D043FC17A31592FD7C
                                                                                    SHA-512:7B3DA9B89B00A4F95EA7B180BA92787E56B77E13D87908BE004588D78DFBCE1E6E1225633494B4621E4D5458A905AE527207931086AEF9AB57B4722EC793C0F1
                                                                                    Malicious:false
                                                                                    Preview:D....'-..;..+dQ...*..$..].@Ph...s..]..K..w~./..?..v..".;R~..h*.e...a.?t.......^b.dS...Hm...;.Q.l..m._.m..X].{.......1..7./..6R.+...`MY...M..j..Hl....zA.s...$..7.l.j.U(q..E...P..C.To.9..m.....X......,Fk:..F....z......YZ..m.5....v-.]^j...b:.E.|..s...]*..Q..."..U.g.H..g...5.<X..?.}2Vq...A....{.qC..L!..(.&.....u".%......KX.S..7..pa....d....c.h37 ....>.y...H..a3eq.B...M..z..@R.%....E...A.....o...."<].6M...@\.9.....H.-Q....>.0A...?J'.m..Z.+..t....~.y(Br}X....J....G<..k..d.....g._8...p^.A.p_.P..Z........jc.-..A....&..4...;..A....6l..........D.9c!......cd...\X_R]@....#.s...........>+Z'.cR. (H...N..|;d.E......[|.[..IaD....W..;x......q..rz..-. .<......t.z.F.i..}f..].%.[..\B.wl.R..J..C1.^.....{P.W.*......g...3.O.bH..._\.a.M9..".PM.N&.v..m6.Z.M.H.3y.6.6*..#:...._.z..!s.c.38......Ad$.:..g.'......i.:.T...%.....Cqg.q....o^A....w.'.~+&..n.@..,S*.W7.D.z.N..3H.O,I...4.]A7..9....:I..[W...5*.[[W,...K........;....|S.....l`.. .q.*.u..j....~1.=....J....k..!xI.P.s..

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ\MOCYNWGDZO.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.806530148997747
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:1QSJrVSrgOxAIPCMnkv1iAaXVD9yOSDDl1s+jJ/iJ+E:SSw1BP7m1iNJa1lM+E
                                                                                    MD5:E7C53535545BFEF110555EB59664E174
                                                                                    SHA1:796B8C1FFCD6F3AEAE497940D465D3A7338905D4
                                                                                    SHA-256:EFAE97E61A2F76990EBD25AC237E279B1FB8D16C1E25AA1C7947B372359E6E89
                                                                                    SHA-512:04D18D1765581306A3DC6BA1310FAF590E95158412296692170EFC4E61F527F75B61F8A763AD0F0E583B5D959960D41DEA9AC888231EB2BD2D26FDA5CE1CE7AF
                                                                                    Malicious:false
                                                                                    Preview:...........,.....7.\i.._....N...\..^..=Q.......f.*9..c.4...:H..U.....J'A..T.|.q...&...#L.....x....>J...!..oq..z.H..[n..|.u.[.2f.Wv%..G@WdU..]I...@.e.I.....#B.kI..P%K..0..8.9.,..j.rw?.v.t.Hz-.I..v.9...._../.....s.V=.}B.....O.5u.......:.)....'.B....j8<"...]....;..*kU[+.._j..f..'8..B&...n|...;.......|.1?2].8...8gs.OQlc.lp9.J.h0@.tz.K.U`..8..XA...O...*.Y.UG....O6........7Hk..-Z.,..!....t$..Pj(.........Bp..[...71..La.H.8O..|.....{..h(.}...C.......ex..w.M..33.X...W.^......AF._.....8.?...%.K!...^.....9(.....>..B.Q...B=P.....$...4..G|*..z)...OF..&..3`..%.n..$h...I.....O...)T..0....=Q/.p.S.. .E....P0.EFb.....R.n;....s~w..jy.:.Ks...$p.1..F.bR..Z.8.zS...P.A.ykOxXy.VT.G..7....O2`jW...8.H...b.5...3W.....}:......_.`.P?.~,...*....l........?Nl.3..U.d`.. ....F{.....|.$....=:....Q..d..2..;4&3...,...a?...r....3.#..s.....4rT^..i=$.P.".CfN.Sv".....C.h......^.-..+x..J.c.,d.@.JB.M(..q.@..-.....Y..ep...b.R.....h...D....+}r..\D.+.B.m...\.i.3.......h..cI.

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ\UBVUNTSCZJ.docx.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.811638270265171
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:Sx6O0exZetRLgtfFIPoC3P9/He4nrfOWf+H9/xqcsQ5wEndBX:o6rgtf+Pje8Hf+H9/lzwOj
                                                                                    MD5:9F5823424D277620E6B99BC5F939CE82
                                                                                    SHA1:BD150DF9F28949EC13A3EF18C57E2923D4D57699
                                                                                    SHA-256:577DDB1E4B2FCA922AF5E8425AF4E35EC68814F0A56E589F83B125BA316530A9
                                                                                    SHA-512:CB049BA831BEF74BA22310D741B84CEC638718CCD9045BBDDB4BD31D1A3A1373BFA92DBF2DA1D186BB72BB98DF18DA37DF9CCC1AE3BE4E11317F02FAE122F11A
                                                                                    Malicious:false
                                                                                    Preview:T..|D.|../....3.De.sq......$j........ ...qj...[.l.....c...`.rw..@.*4L{1O$z.v._..D.....t..?.5..m...!.Uj.c_.....z...u.l....%.o..k...K{m..V.].Sd..qq...&.p..5..`...{#.B..?...r.y).b....i.Y.KQD...E_n_8.j.h.d......[.m..=.}-..-..?..U....}.c....v.y.T.c....:..5..8P..lX.>;..vk h..".........X.g.....5"u=uz...o....&.!..\%p..W.{.ok..Z.RM.'rt3...1.>...]r..z...9..V!#}...7.g..K..............\CU/W.G.....:4...PAK..7MFq..aaW}..N{..J.bR.p.P.My..W...cs...T.8._.....b.^..'Ul.....I..k.a....ZN)..^.$v.0R.Ep..3.0ok.........4.]..+ltDM.t...C...9H{jb?......i.2.........hq$..e.g..~x6.....q.<........l.Z.o ....Y.,..W...f..,.p(.h7rLx.G0K..[.%...n"oPr...x......+..zk.o...(K(.R..<... ..{.8..D...>.x.N].....XGd...v.9,.gm.\..FS%..T....d..&..T..,.QY.".b^..{......(.....A...-`./]..u......"..z......~C|I/...|.s*qF.3.~.t>.G.n).$PnJ.....%TO....3...7~3.P.#t........`..:..B.....k...da.c..+..$.m..>.+bx.~..*5~.h..G...p.`m;.V0.....1p....0.....2.q...._...8H....C.>.Y..>...c-....1n..~..SPg.

                                                                                    C:\Users\user\Documents\UBVUNTSCZJ\ZUYYDJDFVF.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.800636692483845
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:1iANbT/wdvOi5MrbnovolelCqwFoZf7TbZ6spAHdAZbGn:EAJT/wdG2ibov5BwFRHuQ
                                                                                    MD5:98DA0D4B6612D7C3076CEE9AF6B64646
                                                                                    SHA1:9C2E021304627D16798379BAD498186D4C198041
                                                                                    SHA-256:BCC38550005C3EBD32F2450E7E5D3DB459305B33F399AB2C8D82451E11D4C9E2
                                                                                    SHA-512:F4DBA0A0038DED85B16DB3BBACDC0691A81E98755D616F4C2B4321E52AB2CDDA8D57929445B737505E33D69A5FD05B95BE6AA7B5F754AF616786DFC19C279877
                                                                                    Malicious:false
                                                                                    Preview:T..S.O.V...s4...SWj.K (*0.WT..d.?..^..............C.)..a...Hs..5.v.].....*...U. ......*&..J.A..%9.=...__.s..>_y..I..;A..X`.y.]u.....~.8kY.....*.uN...t....{.N.d.s..W.%..B......jo..h.f...&......GR.r2..o.H_...[c;...M.....9../.M......T}.&y+..8.)...~.W~Q.vP.A....q...~.....'?.u..>`SP..%.....M..Z9./.G.A.N6.b. ..M.4..0r...d....J.@..[o.G#..jJ.......d.....N.f.h..................z.......eK.y...:."..EWT.Q..(l1..-...3................+...>.!O.h....2...\..Y....{...v.#z.1xp....\.V.].5.......$..|.^.W..\...!i...b.\.*Q>v.......XH..%..[`P..=Vt4~.Uj../^..6..kLP..[`b..d4..!...z:_NN..\.".z...{.,j..(y%$n...@...A..!vI*...R...!..u>...N..T...6.........r.x....S....0...M...o8......l...T.[.Jf=...s:.`...j......E...T=......{.......C....Hy.....#....).I.@.H.).d.[..v.....0.}|.6...'........~4.a-..0.bE..9.u.O..v..C..(Nnd.P....D'...L8.4....".`.p*.Z.&...pdF]...mAD^8...]-.(...G%....o#.l-...(....mI.W.....!L%.l.8Qg.n.5{.N.N.a..W.9..2....0..e.X?KP....(.M.i...."b{z..Tf!...

                                                                                    C:\Users\user\Documents\WDBWCPEFJW.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.828349653252446
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:o1Wl1d5kEIRECfJmugimtM4WCh0l20mlCZJSryqTpFXzTyQV+gT:o10KzEC6iKMS0l20mEZUrNeQQgT
                                                                                    MD5:5DFAC31743AB2BDBFA0C7D164FE460B9
                                                                                    SHA1:51547D4381A5995ACA6CEAC4CD565F525B134DB9
                                                                                    SHA-256:E4C1C76BB407A36E8CBDCACC3D20F7F9B5B1C0DF5750DD14F608C1AC2CD8DBF9
                                                                                    SHA-512:46676B43CB69B67DCF3018EA62D94C3F8AD7127D4F619CB2CFDCBB2061ECD6E862887332220AF11540A1FB6A1CC7E376C93263D87FE549DE2AF5D3DB4598E5D0
                                                                                    Malicious:false
                                                                                    Preview:A...f.w3w....F.o>..G..$....1.N.(T.....!c...$W,wO@.".yg.I6..gL............+..r..,..~.OU......Jm..rv..@Z..5.Rm...ra5_.eh....."....s.@Z*..<E.a..QHD.."../...[...$b....44..22s/.........M..4..%hU*R3..VA#.#.q....W.f7I.4...T[mK'..8......`..Y..%_.+..~..[.S03.F.....B.....QyJH......{....n...]$.^...0d..p.N.....G......C.^G.!.E.J....Cl...n.i...>..F3........}......vQ...8.`9.~........./S..v0.)|.R.t..p...J4.1.nX......K..$.2..S........P:.\..../......V.j...).J.C..^....s..a....... .dp......?....=.v.[a..}.:..,..6.....J.[..j..5.<..DXS.....qX...J:u...s..CS....c.............a.W.I..e.Ui..A.A..#`.l..G.Fk..=......&5....}M..G+|......If..i1..$..f..Y.e.X.<.r...db!....m...aL.....P................Z../.b..:.HU07...=5G.}..M[BA.....^..U<1.`..H...@.!o.g...b..5..g...G.uX5.,..CC...s.g...p..4L...Tw.1.@.....W...+......w/..Z?.}..... ..n..f~=BF...... }..&F..Fr...5.6......o..........Jv;.]..=7..G....y..A..{.s.X.....R..k.}m.7.Ax.....x.N...>.......i.z........`d[<k..0.P4..!...12.^?3.Qd...

                                                                                    C:\Users\user\Documents\WHZAGPPPLA.png.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.813060807391927
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:iVVMcPPsEh9n9PayKWJ1vl7VUQFXtwu9i9sZCktTAV387kKG2treLDhZe8Tr:iVqI1ht9iy3HN6Dui9sZAV3BKmNr
                                                                                    MD5:810466917BD094A5D136547E6B67C52F
                                                                                    SHA1:EB701BC613E254CFD895067BA03DF319118A65E1
                                                                                    SHA-256:EDED3CA80DDF5FD313E90D12DACCBB4354F265995718DC51DF7B9504ECF92415
                                                                                    SHA-512:F980911B7DA0F1A0987DC0B313F609498D422058FC57625D2807F8DCF387655BEF1CEAB23811E3BE87AE82F2A4DCEBFE653B89300F5CE855633E355E687AAD5C
                                                                                    Malicious:false
                                                                                    Preview:....$.oW.q..D(R.t...!T..^17..7|...[p...h.].:.r.s.T].v....\-Pe.Cn..-.E[(...v.l{.D..L..A.\..bO.}g.I...u.....b...#+...d...n.......}.........X.]#.....W..p.....y[y.#b....!Z.R.(.K...tU...j..A_..W<I.^3.......P)...L.....qzY.`Z.zW`.$.V#.....zo..]..i.l* ..Xx.J...v..L..*\QtX.B....2....a....1..o...."j.t......].....QH.D...J.j.....lvy.Z............+D.........M._.b0N&.U.X....z...J.R4QQ$.}3........M....L!.$.p.W....q.r,...u.G..Ve_...k...|.0.....k.<n/....T.Fj.C`..+..9..M..$Q.i0.f'....3.%ZRgN.x.Q.t.|..=..UO.#."M..&G../..%.A.q./.. .H.._.o.H?%c..y.~.]]./.....M.J.l.dM.y....P.Ik...;.../..k.a..-.....n.8..kBG..9..NY...X.....M..|.?.*..5......f...UJ...,.h.3`.p[gyP.......Z(3.I.....".1Y...J9....q... .S.P]...u..E...!....Q.'8,T...I.-......c...q..:......7......j.<..?<..5....!DY..v.Q.TYl..\..).{@..]O../.,t]!r ..... R.t......p.......+...U!.'..^E..G..Fl.@....z..n.....m.W.pG.^=..u./h..0o.7.$/..*...oo..$.Q..3..;.+..k.G.....F.u.4k.%.......z.x......ds.\..(.l...5.....y..(.

                                                                                    C:\Users\user\Documents\ZUYYDJDFVF.jpg.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.831518215354478
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:PMFeBpmiIdUDr3OiLEBdTQ2uqxQH1hSjoqJiygIP:PtyiI6Dr39EQ2uqxmSjB1P
                                                                                    MD5:84E6170032C8075875FF5542579FB1BC
                                                                                    SHA1:5E3BDCE5C44D00539F2F71D25157070672924ED5
                                                                                    SHA-256:EBDE4A516BF1FED8D8FA605D86993664B3C1965A8E1220B433E204BA194C40DF
                                                                                    SHA-512:588E508A624A279F1EB5099F6F2798FBB619BBAF7B60824C1429DB26497E22E19D4690FD2111B823BE1739F922B263E79262D3AF1C5DA604A6835C27EED11531
                                                                                    Malicious:false
                                                                                    Preview:nvR...o]..:.9...p.g%2.Muz.....V......B..>.C.C...=)6.c.3....x...#......i......m.1....k.~.'.....;...1.U..G.....N...;u.g.6;..F.ew.2M.8{x<......4...'..W...2.yd.2.JC..Q.(.T..W\....b..+x....HF.P.ysO........6.e..K....4"j..N...=..S9'|+m............x..F.q.a.B.b.D!cZBz..XL.F.$....Z...U.'.....}.UP....Y...N............0v.L.p._.......,BA:...p[........FL...&*.`......V..y.[r..`.5..D.w..7'..=.&\6..3&..WH.64<.F).v%.]..E....g....$._.h......\....P7.iH....>.L.2l.Elc..'.Q.j......^.....*-...............+....{..:.*.F.Ct+.S..f.)..2.K`.l..0..f.w|.^..m.B..j!b.....'uGu2/g...\.*....c..h...n.#...!...3V...z.W.r*V._m.!y1.b..1k....je.*1.....6c.\..)...#.2.....J..oB..-....._.>Ou.T.q.}.*...G..JT.BF...p....B..s+~.h.r.....(.vs`..Y...C.!{)....s.2.M?.... u.....P..-..>..]...d.....h.a...\:....aQ.....!.&o.. ..B..=z.!...x.u..M.m......}.......|..H..o]..Mta.U...S..6.D.'....6.....(+'fQ;.....l..37..q!U+_..^...E...+_1).7c..vx]!..?.....7..K|.`.K..j..qRA...".V.|.R/"....eQ.........}.

                                                                                    C:\Users\user\Documents\ZUYYDJDFVF.mp3.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.851821853633504
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:T5dL9MqWaJehC2SOIQxsY7Ua0fqbFto5r9AQvNftFH7xjXi:TfL9VESOlHIvfqbFKvNf/py
                                                                                    MD5:A0A5FBA819EC43B43088DB91DEA01B0E
                                                                                    SHA1:A6CF680279869EC40214E9ABF42B02189F82B9A7
                                                                                    SHA-256:A5BD4CB4F4FB51F1C4FE417079D3B3564531A54F0D7299BB3A79F6F96E8161A8
                                                                                    SHA-512:F153818FD8F0F8C760747DE1E51ACB0D3EFCF2FBA3F9BEC17D06CA505F914691AE9305C96511360C064DA1A21064C05A6272EFA552AA5722D73F5EF6A314C6B7
                                                                                    Malicious:false
                                                                                    Preview:.c.o+I.dk.y....p.h.I.....&3.+;..d.P@."0....3.f(.s...R......qU...%.].w.r..f.W....1...cz.8...@.<..}j.t.....^et....J./....RG)....tCi%SX.x..........|........"5.....:=..V.H........wV..PA.R.g.f.....X6..........m.}..1.Oz.V;.S..H<myu_...x[v:.| ;.....%.N....`..W.Q=..].k./...rq...a.;..e..;%...cG.#.9.Ls.AG..K.......9....".E.w$.^.i.kM..9......&^.X...@..0.'.l..Y.;.iR...p...>.1.C.K;..|...V.73.?....'....&.....O..gVj?$.(.m..ZZi'r.E.$......QI.....?..)..Zd....f..l... F.]bS.w.>s=.....g..<f..<...l;.}.e...@N..fg.....Y9....$KK....G....\..W.3B.....O...D.....=.%}..8.dUx.....u..U...].)@.[..Q.P...j...,.I....N.`lV.u...N....3..3V)...~..........}.<^....}[x.#q.y...Zy..R..g}36."......5g....87.q.l......@z. .<........5~..o.........Q9....i.....D.;1S.:^.Al..u4.}..".1N.......w....?XK.....E...$M<./,L..|...^.m..4..C"{.O.nE.w<........n..l=..8..R.....4!l"4.<....MZ....H...A.......=...{..........JC.....d..#.>q...c...U..... .aY.*.u.Q.Yh.....R...Z.m.D..5....D...!O.6wC..|.......Q.W

                                                                                    C:\Users\user\Documents\ZUYYDJDFVF.pdf.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):1072
                                                                                    Entropy (8bit):7.803697041627402
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:zp7gN0TJdNDhw0Sgiz1clt7TIQIYZKoRzLQU:zpDTp97iputQQrcGHQU
                                                                                    MD5:A1B5F4513A5D702F62DF1400404FD32D
                                                                                    SHA1:DBC3DBFF47FA206F493173F07F5252E4B57359C8
                                                                                    SHA-256:711B5C6B3CD16D81232B7BE4D64F0A8F2BFB08FE85BCC9140F4C7766A99C2488
                                                                                    SHA-512:67E7540ECAFEA9A1FAEDCF94AE0A79EC7B8F21F30F6B0B37E795E7E247195A5BA3F3FC126FDDACB06EC4142012EE2B81CD7B4F31D2B69074940BADF9CC86FD68
                                                                                    Malicious:false
                                                                                    Preview:.....&(.:.....{.n..3.rmb3...#P..ith.=.=.SfrWe.....7.r.|..;.......<v..\.......%..Ad!..A.'.;1.-.Fw.$.y.0g.mm0t.c9.......JJ.>...,..{}.J..T.m.]s.....]A}\..'.V.=.S.9k.S5_..<..q.I.]......xl.|.<.........b...`.'...K@.bO3...,...d..3..U...M....Y.y..9..x[.>d.yU-.X......N.=^\!.].B..x...n(......"L.k.."..T.."...W./.l.N2.n..{..o.*."..O..S7'..FN.h.....?.....z3....d...;.p.|6.2@c.Q.rf..q.1..4O?TD...I..,....>.......j.....z...~;M..K:n.^.j..&..wG..3^.e>c<..oh2.....Pj...xk_..$,...U.b....ee'.}.8.^...m..\o.i>.z..bAn%...l...H.?%..[>...EJ.P..?.....5:....0H)ULj..(h....O.l.d..X....tkr..8.....k..g.}Q.T.JfAd.0..4j....$...?......q....|...p..m3.XL=c.....X....1..px:...:..A.E....6).6GZl.r.7.j...L..,..}i\.c....*.m...f'.&....8......D$.....D..b..R..%|P../"xz...^..${...m.[...&e6....0y.t#.ce..n....P.>..V......8.0.3%.z...k.. .8..[x|.G6r...^y......):Dn.4...g.O@}r#..;...1_.....u.....HaT.....z.".yp....4..'ZY{..PB..\QC.$~;..q.~..3m....V.%.e..Co..8.un.....9.w..Z.zW..A..A......E..B.K.

                                                                                    C:\Users\user\Documents\desktop.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):448
                                                                                    Entropy (8bit):7.523903969199848
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:wKOBWn56M74OKcnV6cYOKMzdS/WLhWomqCvxq1Gln:vvJ74Ni6ceoeE0D1vxHn
                                                                                    MD5:AF8F73968E9A3B07A1974C993EA6CC3B
                                                                                    SHA1:BE9A905F833CC6B427EF30C78CEB9E98C1F6C824
                                                                                    SHA-256:E89EF6CD19A97B2E7B7B21AB4E4C2E94502C9F95B697DF59843CA2BCE461E9AF
                                                                                    SHA-512:6694F7DEED4ED1C5E01251DF11A949E646E76ACB790716133E29EF06001F85F353EBE2AB89515A0191E4E9BB020273DC7A38A9CA429BE9D2161E3F9A181C1880
                                                                                    Malicious:false
                                                                                    Preview:>.y,Xc.*!d.}z..!.f.......-.K.X.._...M..r....Sh..4X.\}.6...9.cd.4omT?V...1D.$,;.;.f~.j.5..p.!)$J)N...}..JZ...z,)..[.I..t.7.9;.[..A..m.3...l.D0=~.boT[.).^..".._..E6WQ......rq'.".t..46m...n^.........l[.....3.".~..WA{.B..i.{....>..[....2,.....u..(.J(......./.I/.i...|.x.C..n6..P.o.N~...r.$......#..k.~?.+.w.X_.R......V..p..^..A.......ca...0...g.6EP...,.d...P.I(3e.N.v.p.....nn.3/W...f(...^..BO$..t~.).F.....=...gY.3.T*...._..R.K....x...

                                                                                    C:\Users\user\Music\desktop.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):544
                                                                                    Entropy (8bit):7.592291007860636
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:b67wJhpKz9bV/IBpl9p1KIly6YekqFFPr6pN15R71WPy9ROBHo:bQwJhIY7p1lpYeNTK75RWy9cm
                                                                                    MD5:019413F11BEBA759781856A93234A498
                                                                                    SHA1:9642883452EFD9A9C0E9C35E2CD35D8AEED75B6A
                                                                                    SHA-256:CF11C7F8E8A755642C76C48D170E0049503D2C9661521D992D920FAC338FFCAF
                                                                                    SHA-512:C3ED73EC32B72D19F44C62649692CF50A812C170E4772C62E97D259D436C7BF523B1143FBE59464F26FD643316990F9D16B85EE82E4DEFA455EB59293DB47341
                                                                                    Malicious:false
                                                                                    Preview:\T..dA.-..QWN...@.!.....GtA.e.@..'...zU.&.|...)..sJ.p.S?.k..9.v:h..............e?.G+]...._v.(.........Lo...stPl.....|....A..'zx....C.}.....L.9\f...Ko.Lw...._.T.x..s...z.....gr.....`...h^.5......&....h..A...\...M....U.`V[.w...Vui4.|....D<S./JN.8.go...Yi.........[.D...jI...;C.J^.6....1..dq.{b..zKh.c..'....TE.?.S)E}....?..+,..j~8..>....Q.n:.\.U\t#.V.).v....:.^xN.&.\H..@Q..6`(....."R.^=.B>..5v.3...G...d9G...n.....6.......cE.m....6..[.T..1....E....U.Kw.Hd.V7.......D..jb#..>R...0.!.m=.......Sv..G.4@.{o,..Gp}.qX...k\.....,m...

                                                                                    C:\Users\user\NTUSER.DAT.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):32
                                                                                    Entropy (8bit):4.875
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Yv89Cc:YU
                                                                                    MD5:F6F5C3F9C2015AED19232CF1379817AC
                                                                                    SHA1:7DEFD73C95659DC3F941446E6D7D1C3A81A12FA2
                                                                                    SHA-256:20BD2EC7854E516AC0308168355872AC507C2EF1AC603B9D0ABE6CA82C358CA1
                                                                                    SHA-512:8A49D9C81086292B98161794C718B71472F6821C4F1ACE296F2D1EE8691041739B3F299D8B40291392FCB135E6BC8D86B859A5896CB64B748BF092F0DDFB9482
                                                                                    Malicious:false
                                                                                    Preview:...",..&..Z.5G..&1DA.........

                                                                                    C:\Users\user\Pictures\Camera Roll\desktop.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):224
                                                                                    Entropy (8bit):7.152024620631374
                                                                                    Encrypted:false
                                                                                    SSDEEP:6:d2uIksPdEt6j1pA4EVOnPd2clDW40R1O74ixy/:YG2+QnnEknP7l121O4iM
                                                                                    MD5:D5D3176525AC3B17236697CB5526D466
                                                                                    SHA1:15563C7012227F6A678CDC42D17AA63AFE89B967
                                                                                    SHA-256:1DB35318E5071FC70A17629A3C8C00BF9BFDC28BD317599F5C16A76A1BD0D401
                                                                                    SHA-512:2D723B9E2AB1A740CD91EB9509C1C283F59A7A0E8F21573D834034770533F03634ED4424E8776C168D3FA03797E279A15EA21B1B8B25F0EC10C4BDD180AED397
                                                                                    Malicious:false
                                                                                    Preview:.$%..AM....i`.....S..............(4.....X.5H........&@..L..a........Uf.7'.i..|..$...9...v.@.V~....]<|..V|....._.Ob.....l...m.F?....S.`..../o......X!....P...9.q...Z.a.N.-p?.n....<.LW....".. ...W......+N.F.....1A

                                                                                    C:\Users\user\Pictures\desktop.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):544
                                                                                    Entropy (8bit):7.63605924885065
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:kCnzS7RTgV93ZuXdFlKlnFkMBqal++O05K3G2tJC339e/jMIi:xeNgXZuXInCyqzjQK39tJCE/jMIi
                                                                                    MD5:ED1AEB99EA4C48790DAC3E3E4A0286C7
                                                                                    SHA1:22B5E0F97519BE5716511E3A45DEF3F0BCE61519
                                                                                    SHA-256:6CD844AD926F41EFBCCA4DAC1CA59F737B7FCF95C1010FDEF546F5E97CD501C0
                                                                                    SHA-512:422658AFA07AA5FA2EC1A8F7ACF83BA7A36DBE4856BF1484D1F2ACD95A6F5A2E9FB8D4CCCD42C69456E468877381539F3A432DA8700CD3D652DB22D063E643B9
                                                                                    Malicious:false
                                                                                    Preview:+k^...<a..5.0O.?...L..kU..r...&..K.&.+..Ov../..~.#..PI...i].....F.........-.A........%\9..F8)..D...:5......D.9N.A........E...gf7M..DW.6).X...0w........I....U1O.w..S7Qg...Q.e{./.d~.1..y.r[.).q..._yg..t.@.J...i..F2...zw....v..-Z"+..F^..kw.ES=....7..Pd....K.......)......1....LAd(..2....J..O...,...K...Y...}..T....x..0..l...I6'..,..g....i..~.9.vLB(Q..B.....$Jp.ve0..'....+.}...e...(......h.Q..p..m..\....`*..X...}..+*.`.i..#...R.M.... #..7.Z...1c..D..)Q.V.9..I..{...Oj.v...U.t..G.u.uB..tk9"re.$\2F.1v8E.Y..'.6...y.l*}MD

                                                                                    C:\Users\user\Videos\desktop.ini.clay

                                                                                    Download File
                                                                                    Process:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):544
                                                                                    Entropy (8bit):7.605473137597193
                                                                                    Encrypted:false
                                                                                    SSDEEP:12:nZewEAUJNjoECv1t26nZ9ZPtjnbWT5icBd:Ze3AUJN0J/bf1jnbWtpd
                                                                                    MD5:B78E39F7ED12D55818B0BC96B6D8A231
                                                                                    SHA1:36C96F5BFDC24F21F0AC54F0A7616F7B223A733D
                                                                                    SHA-256:95337B0706D2D71957D85520B0CFD05322BD526FC98E013DC1E684F6B112937B
                                                                                    SHA-512:5202E9822156E22B0DCB033C3543513ABA112850321B84E3958910D8447C46FB0ED29E4FEF0175434F514BAB58F71B9FD706EB721AEE5F863B642912186E28C6
                                                                                    Malicious:false
                                                                                    Preview:.......*..1 ....<..HQ].A,`.g......j.....)..<...^f.Y.1...`..t...K{.C.m..ojy.j.......`..;.V.=..E....o2.+.x......]F...A.%.....N..fH.8yc.S...B......a@-.rz.m+0.|]..l.i....8.f.....;..$....:.'...}J....g.....@...X....!.A....N...f....[..x<....2......y....t...U)...\...kL...Ji.2..rQ.?`)d..$Rm..wg...4..ig........dumEF.....X|.l..=.j._..lP.s.m......S....%(..8........M...q..9~qp.~.q...g..F..E...~d..N.[...A..&...qO.......~l.sd..~....d..&.....0...N..X%...."..P.-...zn.dN.N..}..I@..|f....m2...}...... .......f.....]I]/a.9..q.<vx.#.U

                                                                                    Static File Info

                                                                                    General

                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):6.254075203210796
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.62%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.58%
                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                    • InstallShield setup (43055/19) 0.21%
                                                                                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.21%
                                                                                    File name:bnieCH9wRm.exe
                                                                                    File size:3438608
                                                                                    MD5:acd46f88a6f90143090c342c10544ccf
                                                                                    SHA1:bb90bed3b0d747feeac32536d75c6d153b34be0b
                                                                                    SHA256:8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c
                                                                                    SHA512:82e91a14b2a7bfb659a566df7caf7f8dc28b61a14c504dd6ca23166ff2bb142114a43c5a3c70309022d813f34fb3aa63d321d964f3b6178e42b650ac0e56e84f
                                                                                    SSDEEP:24576:v54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKI:CIAWjdAp1PagjLuSh3i+FtvkMzT+
                                                                                    TLSH:36F54A157784CD26C07E07F54863D2946231FCA39E2346AB35F0B72EFDF56804DA2AA9
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../............"...0......<.......'... ...@....@.. ....................................`................................

                                                                                    File Icon

                                                                                    Icon Hash:60e2c0e0688ececc

                                                                                    Static PE Info

                                                                                    General

                                                                                    Entrypoint:0x4127ba
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:false
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0xBDD42FCE [Wed Dec 3 02:34:54 2070 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                    Entrypoint Preview

                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al

                                                                                    Data Directories

                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x127670x4f.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000x339dc.rsrc
                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x480000xc.reloc
                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x126ac0x38.text
                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                    Sections

                                                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                    .text0x20000x107c00x10800False0.9045780066287878OpenPGP Public Key7.799346323123273IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                    .rsrc0x140000x339dc0x33a00False0.24703957324455206data4.247178219027038IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                    .reloc0x480000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                    Resources

                                                                                    NameRVASizeTypeLanguageCountry
                                                                                    RT_ICON0x141000x3334cDevice independent bitmap graphic, 225 x 450 x 32, image size 202500, resolution 39 x 39 px/m
                                                                                    RT_GROUP_ICON0x4745c0x14data
                                                                                    RT_VERSION0x474800x35cdata
                                                                                    RT_MANIFEST0x477ec0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                                                                    Imports

                                                                                    DLLImport
                                                                                    mscoree.dll_CorExeMain

                                                                                    Network Behavior

                                                                                    Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.

                                                                                    Statistics

                                                                                    CPU Usage

                                                                                    Click to jump to process

                                                                                    Memory Usage

                                                                                    Click to jump to process

                                                                                    High Level Behavior Distribution

                                                                                    Click to dive into process behavior distribution

                                                                                    System Behavior

                                                                                    General

                                                                                    Target ID:0
                                                                                    Start time:06:00:05
                                                                                    Start date:14/02/2023
                                                                                    Path:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\Desktop\bnieCH9wRm.exe
                                                                                    Imagebase:0xe40000
                                                                                    File size:3438608 bytes
                                                                                    MD5 hash:ACD46F88A6F90143090C342C10544CCF
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:.Net C# or VB.NET
                                                                                    Reputation:low

                                                                                    Disassembly

                                                                                    Reset < >

                                                                                      Executed Functions

                                                                                      Function 05714F19 Relevance: 9.6, Strings: 7, Instructions: 848COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.786912215.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,$,$7$7$7$G$W
                                                                                      • API String ID: 0-2084640177
                                                                                      • Opcode ID: 5547158c7fea5ecc76bae4e4af45848186ed9709d9b1b0ad41adcfa75b240428
                                                                                      • Instruction ID: b92ffbca8cd39e57ef857caaabc3f767f7a88061e83e5111a923775078d111ba
                                                                                      • Opcode Fuzzy Hash: 5547158c7fea5ecc76bae4e4af45848186ed9709d9b1b0ad41adcfa75b240428
                                                                                      • Instruction Fuzzy Hash: 98924834610605CFCB25EF78C898B99B7B2FF89304F5186A9E50A6B360DB71AD81DF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 05714F28 Relevance: 9.6, Strings: 7, Instructions: 839COMMON
                                                                                      Download Yara Rule
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.786912215.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: ,$,$7$7$7$G$W
                                                                                      • API String ID: 0-2084640177
                                                                                      • Opcode ID: 3da28092a6b3f57cd0c1b768276338991b91c1d234d2c9cf51125aea841b04f9
                                                                                      • Instruction ID: d74be7d03ae0e0b22fbaf4c822e02b4a29326af6d99a779e0f906e6e05e0f2f9
                                                                                      • Opcode Fuzzy Hash: 3da28092a6b3f57cd0c1b768276338991b91c1d234d2c9cf51125aea841b04f9
                                                                                      • Instruction Fuzzy Hash: 57824834610605CFCB25EF78C898B99B7B2FF89304F5186A9E50A6B360DB75AD81DF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173B702 Relevance: 6.1, APIs: 4, Instructions: 125threadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0173B770
                                                                                      • GetCurrentThread.KERNEL32 ref: 0173B7AD
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0173B7EA
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0173B843
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: a76ca7ed3031ecb1dddd92d9104a78ab9c00eb7394359d80f573669d85ef4589
                                                                                      • Instruction ID: a9911bf4bbfefdb568a321f779c2be61c5bb8ece6984a4896ab6266f3b7d8e3f
                                                                                      • Opcode Fuzzy Hash: a76ca7ed3031ecb1dddd92d9104a78ab9c00eb7394359d80f573669d85ef4589
                                                                                      • Instruction Fuzzy Hash: 655133B09006498FDB14CFAAD588BAEBFF1BB89314F24845AE409A7351D7746884CF65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173B710 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0173B770
                                                                                      • GetCurrentThread.KERNEL32 ref: 0173B7AD
                                                                                      • GetCurrentProcess.KERNEL32 ref: 0173B7EA
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0173B843
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      • Opcode ID: cb5c192d2dc82e65e9d91e4310b5a39297d1654fe59ba531cdd9116587c89b67
                                                                                      • Instruction ID: a4c6c5b4f93bcc0fa6bf04129305004f78a374d2a597fa76ec7f49b9ce242a0f
                                                                                      • Opcode Fuzzy Hash: cb5c192d2dc82e65e9d91e4310b5a39297d1654fe59ba531cdd9116587c89b67
                                                                                      • Instruction Fuzzy Hash: 735133B09006498FDB14CFAAD588BEEBFF1FB88314F24845AE409A7351D7786884CF65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 05711708 Relevance: 2.0, APIs: 1, Instructions: 517COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.786912215.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 25cd317a4a9ea6d21f788d512de78fc8cfe3ded4660805fa4869931d59cded86
                                                                                      • Instruction ID: 20b72fc959da954332793d690d45245ddc9ee21fe736f737536b588d7c8595ed
                                                                                      • Opcode Fuzzy Hash: 25cd317a4a9ea6d21f788d512de78fc8cfe3ded4660805fa4869931d59cded86
                                                                                      • Instruction Fuzzy Hash: 6A228278E04245CFCB14CB5DC588ABEBBB2FF84310F648155DE12AB366C7349885EB99
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 01739308 Relevance: 1.7, APIs: 1, Instructions: 215libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,017399D1,00000800,00000000,00000000), ref: 01739BE2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: a5bf1e5b223e9055eed4f3072ca491276d357a932fac2138708d314997871da2
                                                                                      • Instruction ID: b61e69cd5cfb5cf8125f4fe298fc355df94181db3cdd2c7c9ea4475be5e5ce2c
                                                                                      • Opcode Fuzzy Hash: a5bf1e5b223e9055eed4f3072ca491276d357a932fac2138708d314997871da2
                                                                                      • Instruction Fuzzy Hash: 968146B0A00B058FDB25DF69D45475ABBF5BF88304F00892AE586DBB41DB74E845CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173FD6C Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0173FE8A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: 3b65c8178f2e3e51f3acccd52e2dbf589c858507686ccc334afec94c2827332e
                                                                                      • Instruction ID: 5112f7587b8ba85a5289e761a132599737bd097c3c5ce10817cb85ac8a0951e4
                                                                                      • Opcode Fuzzy Hash: 3b65c8178f2e3e51f3acccd52e2dbf589c858507686ccc334afec94c2827332e
                                                                                      • Instruction Fuzzy Hash: 1051C1B1D103099FDB14CFAAD884ADEFFB5BF88750F24812AE815AB211D7749885CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173FD78 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0173FE8A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: CreateWindow
                                                                                      • String ID:
                                                                                      • API String ID: 716092398-0
                                                                                      • Opcode ID: 71b83aa6160c3f3c46c3b2e0c7b111b41a593f08975907ff4dd195f90f283452
                                                                                      • Instruction ID: 7bebcf774882975cc8dfbce258eab2546c68275e8d61e98de98b37b361a8f30c
                                                                                      • Opcode Fuzzy Hash: 71b83aa6160c3f3c46c3b2e0c7b111b41a593f08975907ff4dd195f90f283452
                                                                                      • Instruction Fuzzy Hash: 4141CCB1D003099FDB14CF9AD884ADEFBB5BF88750F24812AE819AB211D7749885CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 01733DE8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CreateActCtxA.KERNEL32(?), ref: 01735401
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      • Opcode ID: 672390662bee7e6faaf6120d68757c017f0ee7eb28304f0e881521f87b1bd7cd
                                                                                      • Instruction ID: c01e9d6ea3cb6ce4727c6f009d9c0f3715d1b656dc1e6cd09e468035821cc257
                                                                                      • Opcode Fuzzy Hash: 672390662bee7e6faaf6120d68757c017f0ee7eb28304f0e881521f87b1bd7cd
                                                                                      • Instruction Fuzzy Hash: 0841C2B1D00618CBDB24DFAAC884BDEFBB5BF89304F648069D409BB252D7756945CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173534E Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CreateActCtxA.KERNEL32(?), ref: 01735401
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      • Opcode ID: 994eedd9d7de18eaa509ca8ae6de7960fa9c4a0b6163a6b2d4d4477d84798e56
                                                                                      • Instruction ID: 50f2e5548df85596d56862ee9e9e2900a8aa06d33fe8d5db07b948b68900ec44
                                                                                      • Opcode Fuzzy Hash: 994eedd9d7de18eaa509ca8ae6de7960fa9c4a0b6163a6b2d4d4477d84798e56
                                                                                      • Instruction Fuzzy Hash: F641C0B1D00618CBDB24CFAAC884BDEFBB5BF88304F648069D409BB251DB756945CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 057123A0 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 05712461
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.786912215.0000000005710000.00000040.00000800.00020000.00000000.sdmp, Offset: 05710000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: CallProcWindow
                                                                                      • String ID:
                                                                                      • API String ID: 2714655100-0
                                                                                      • Opcode ID: 1a09a0e90ec148d90187fc4900ebc72f0c852e8d344d9cffd1c068509a6eb681
                                                                                      • Instruction ID: fc54057f3ad5fd7b145dde04289910bbac273eec00e70d108923645f5148668a
                                                                                      • Opcode Fuzzy Hash: 1a09a0e90ec148d90187fc4900ebc72f0c852e8d344d9cffd1c068509a6eb681
                                                                                      • Instruction Fuzzy Hash: 72414CB9900345CFCB54CF9AC488AAABBF5FF88314F25C459D919A7321D774A841CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173B930 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0173B9BF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: 5a25ecabeaed16ac4516fcd2bd2243f48736cde96930fcdfa2d0885a149eb564
                                                                                      • Instruction ID: ef74d1376dd9b7dbd20de3502352fa71082df934bdd6497e18c45a0bd0123109
                                                                                      • Opcode Fuzzy Hash: 5a25ecabeaed16ac4516fcd2bd2243f48736cde96930fcdfa2d0885a149eb564
                                                                                      • Instruction Fuzzy Hash: 3421D4B5900208EFDB10CFAAD884ADEBFF5EB48320F14841AE954A7351D378A944CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173B938 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0173B9BF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      • Opcode ID: 676728b08a990420974b911922473f68f1937086578019c63715d2733389f9fc
                                                                                      • Instruction ID: 7e5ffa2549536944285a491950434270d1d65d197ab8cf69d7e89b106681719c
                                                                                      • Opcode Fuzzy Hash: 676728b08a990420974b911922473f68f1937086578019c63715d2733389f9fc
                                                                                      • Instruction Fuzzy Hash: 3021B0B5900248DFDB10CFAAD984ADEBFF9EB48320F14841AE955A3311D378A944CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 01739B70 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,017399D1,00000800,00000000,00000000), ref: 01739BE2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: a32c5224a735a08b0576ab757a6987328da907b5b233a5dac1594d7df0a64af4
                                                                                      • Instruction ID: d5922afdfaf77cef7d2c19dd7394addcc5741b6d8cee20502e5ce644965f16d8
                                                                                      • Opcode Fuzzy Hash: a32c5224a735a08b0576ab757a6987328da907b5b233a5dac1594d7df0a64af4
                                                                                      • Instruction Fuzzy Hash: 821136B28003099FDB14CF9AD444BDEFBF5AB88310F14841AE915B7200C3B4A545CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 017394F8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,017399D1,00000800,00000000,00000000), ref: 01739BE2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 8ddf72f6b91dbbb3b464982afe4a3797c6e11fa3a73f9b1e327d5350c42a5ecc
                                                                                      • Instruction ID: 33779acd256acf729adf287425834108f864051aa5f16c333f080701681feff5
                                                                                      • Opcode Fuzzy Hash: 8ddf72f6b91dbbb3b464982afe4a3797c6e11fa3a73f9b1e327d5350c42a5ecc
                                                                                      • Instruction Fuzzy Hash: CB1147B2C042088FCB14CF9AD484ADEFBF4EB88314F54842AE515B7301C3B4A544CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 017398E8 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01739956
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: 7fa8da0a185caf203bf4f8316d6821dd5cdb52ae52edfe2e68e37149f84ec304
                                                                                      • Instruction ID: 78bdeab7b3ae502c805837ee70bfa5baea4f48f50fee376ddf78e43b97ea3781
                                                                                      • Opcode Fuzzy Hash: 7fa8da0a185caf203bf4f8316d6821dd5cdb52ae52edfe2e68e37149f84ec304
                                                                                      • Instruction Fuzzy Hash: F51153B6C0024A8BDB10CF9AC5447DEFBF4AF88324F14845AD569B7701D3B8A146CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 017398F0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                      Download Yara Rule
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01739956
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: 8bd8dd86447d916f4abfea2974080c22c388b4fbff7fb2e8b3e7f96eb1a97eff
                                                                                      • Instruction ID: 0c7f00615b670a1f5260c8522b7ee9dce832049625e9fa9745aaece3e75d918e
                                                                                      • Opcode Fuzzy Hash: 8bd8dd86447d916f4abfea2974080c22c388b4fbff7fb2e8b3e7f96eb1a97eff
                                                                                      • Instruction Fuzzy Hash: E81110B2C002498FDB10CF9AD444ADEFBF8AB88324F14846AD569B7301D3B9A545CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Non-executed Functions

                                                                                      Function 0173E5F0 Relevance: .3, Instructions: 315COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c89659e2f1249faeebf6b290089656234941b5d7e2463f6c48dbd3c3fb84efbe
                                                                                      • Instruction ID: febc12fcefe83a2c9ed810d12b59c5ea7648ae9577fd8f9d8113810433d6bf4a
                                                                                      • Opcode Fuzzy Hash: c89659e2f1249faeebf6b290089656234941b5d7e2463f6c48dbd3c3fb84efbe
                                                                                      • Instruction Fuzzy Hash: 2212A5F14117468BE330CF65F99868D3BA1B7453AAF906308D2A16BAF9D7B4134ACF44
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173C1A4 Relevance: .3, Instructions: 265COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1415aa2a585614da607f10df9525d6a8452c6ea7e1616f88e8207596fe86f0a8
                                                                                      • Instruction ID: 915489cad3310830e59dc211fe19bdaf8c3a20ae831aee4a0013cd0be02afba8
                                                                                      • Opcode Fuzzy Hash: 1415aa2a585614da607f10df9525d6a8452c6ea7e1616f88e8207596fe86f0a8
                                                                                      • Instruction Fuzzy Hash: F4A14C32E0021A8FCF15DFA5C8445DEFBB6FFD9300B15856AE905BB266EB31A945CB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Function 0173E5E3 Relevance: .2, Instructions: 220COMMON
                                                                                      Download Yara Rule
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.781712062.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c48071091e952240acd41aabba83c5b77a126a41bd993ae727a003cf5f49a6b
                                                                                      • Instruction ID: 1175f5a51ffc9f75169d27c930e53801abc388b37d6337f8a6ca9e03b6cb2c2d
                                                                                      • Opcode Fuzzy Hash: 3c48071091e952240acd41aabba83c5b77a126a41bd993ae727a003cf5f49a6b
                                                                                      • Instruction Fuzzy Hash: FDC128B1811746CBD730CF65E89828D7BB1FB853A9F506308D2616B6F9DBB4124ACF84
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%