Edit tour

Windows Analysis Report
O0dZdy12ak.exe

Overview

General Information

Sample name:	O0dZdy12ak.exe renamed because original name is a hash value
Original sample name:	1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44.exe
Analysis ID:	1526559
MD5:	38fb9ac2e51d04182faf81afbef08ab8
SHA1:	1f325950a7a8e1a2050e954f33d2c3774510bd6e
SHA256:	1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44
Tags:	DoubleFaceTeamexeuser-JAMESWT_MHT
Infos:

Detection

Score:	45
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Excessive usage of taskkill to terminate processes

Modifies existing user documents (likely ransomware behavior)

Checks for available system drives (often done to infect USB drives)

Creates a process in suspended mode (likely to inject code)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Too many similar processes found

Uses 32bit PE files

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

O0dZdy12ak.exe (PID: 7504 cmdline: "C:\Users\user\Desktop\O0dZdy12ak.exe" MD5: 38FB9AC2E51D04182FAF81AFBEF08AB8)

conhost.exe (PID: 7512 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7572 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7604 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7644 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7664 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7712 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7728 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7760 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7776 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7808 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7824 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7852 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7868 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7896 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7912 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7944 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7960 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7988 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8004 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8056 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8096 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8128 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8144 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8172 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8188 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7268 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7256 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 3064 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 5932 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 3748 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 3368 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 1740 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 1136 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 1848 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7312 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7608 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7572 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7688 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7664 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7776 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7760 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7824 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7808 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 1704 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 2536 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7872 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7860 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7916 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7904 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7968 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7964 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8016 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8004 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8120 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8100 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 8152 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 8144 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 5700 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 6680 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 2812 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 2664 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7260 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7196 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7280 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 5740 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 3064 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 4464 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 3320 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 4320 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 2640 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7424 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 2424 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7520 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7220 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

taskkill.exe (PID: 7492 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

cmd.exe (PID: 7708 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: O0dZdy12ak.exe	ReversingLabs: Detection: 57%
Source: O0dZdy12ak.exe	Virustotal: Detection: 35%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Source: O0dZdy12ak.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File opened: a:	Jump to behavior

Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/Britannique)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/WalterBishop42)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/doubleface_group
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/hackerk7)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/madoneputain)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/masturbateur)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/moonnight_god)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/shiro_SATA)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/tcpsnow)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/te1egram_usr)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/tombezyy)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	String found in binary or memory: https://t.me/xpolarized)

Spam, unwanted Advertisements and Ransom Demands

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File deleted: C:\Users\user\Desktop\UMMBDNEQBN.xlsx	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File deleted: C:\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.png	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File deleted: C:\Users\user\Desktop\VLZDGUKUTZ.docx	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File deleted: C:\Users\user\Desktop\UMMBDNEQBN\ZBEDCJPBEY.mp3	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	File deleted: C:\Users\user\Desktop\VLZDGUKUTZ\HTAGVDFUIE.jpg	Jump to behavior

Source: cmd.exe

Process created: 86

Source: O0dZdy12ak.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.invisible.0.dr

Binary string: \Device\HarddiskVolume3\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf

Source: classification engine

Classification label: mal45.rans.evad.winEXE@332/108@0/0

Source: C:\Users\user\Desktop\O0dZdy12ak.exe

File created: C:\Users\desktop.ini.invisible

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03

Source: C:\Users\user\Desktop\O0dZdy12ak.exe

File created: C:\Users\user\AppData\Local\Temp\tmp.bmp

Jump to behavior

Source: O0dZdy12ak.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\O0dZdy12ak.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\O0dZdy12ak.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: O0dZdy12ak.exe	ReversingLabs: Detection: 57%
Source: O0dZdy12ak.exe	Virustotal: Detection: 35%

Source: C:\Users\user\Desktop\O0dZdy12ak.exe

File read: C:\Users\user\Desktop\O0dZdy12ak.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\O0dZdy12ak.exe "C:\Users\user\Desktop\O0dZdy12ak.exe"
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: O0dZdy12ak.exe

Static file information: File size 6670336 > 1048576

Source: O0dZdy12ak.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x631000

Source: O0dZdy12ak.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Window / User API: threadDelayed 560	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Window / User API: threadDelayed 1024	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 406	Jump to behavior

Source: C:\Users\user\Desktop\O0dZdy12ak.exe TID: 7564

Thread sleep time: -66000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\O0dZdy12ak.exe

Thread sleep count: Count: 1024 delay: -10

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Excessive usage of taskkill to terminate processes

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	1 Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	2 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Disable or Modify Tools	LSASS Memory	1 Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Virtualization/Sandbox Evasion	Security Account Manager	11 Peripheral Device Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
O0dZdy12ak.exe	58%	ReversingLabs	Win32.Ransomware.Doubleface
O0dZdy12ak.exe	36%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://t.me/doubleface_group	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://t.me/shiro_SATA)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/WalterBishop42)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/madoneputain)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/moonnight_god)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/Britannique)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/te1egram_usr)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/doubleface_group	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false	0%, Virustotal, Browse	unknown
https://t.me/masturbateur)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/tcpsnow)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/tombezyy)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown
https://t.me/hackerk7)	O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1526559
Start date and time:	2024-10-06 10:06:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	80
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	O0dZdy12ak.exe renamed because original name is a hash value
Original Sample Name:	1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44.exe
Detection:	MAL
Classification:	mal45.rans.evad.winEXE@332/108@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Connection to analysis system has been lost, crash info: Unknown
Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:07:35	API Interceptor	189x Sleep call for process: O0dZdy12ak.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\Public\Documents\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1340
Entropy (8bit):	5.448279124740771
Encrypted:	false
SSDEEP:	24:5+qQi8D5FMtO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:HeF8ld5X2xS6GP5YdVmgIB1c6twg
MD5:	9C397FCE53105F86805AB51CA024D99C
SHA1:	2206BA6E0B90DB16FFEAEF6673BACBC074C6689E
SHA-256:	76E9FFCBFC9F0281773B67AF72BBD3DC5963BE5783A34BEE72B7C6E2655A13EE
SHA-512:	8332110BD8EF0D15EF96F470A594D18A25AA351151C2108D9F72BDD41B84674853EB806E1C1BD1233057B40E06C7EBDB2EEDEBE0588008BE632495979D20DEBE
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..z.c...yaK.3.....v.z..,i......$LxC..z..v'{'^..8<..h.C.....g..8......^...vLT.nT.w...FM...{.gC....q.N'.).Rl.\.c.\O...D---8+8---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b97744a83d3d279dc8321aa8e229a2a614c74128d03cef5c7ec280620a99865a37e3e66389705b76a44d15a21ae445a29

C:\Users\Public\Downloads\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1228
Entropy (8bit):	5.039629203236064
Encrypted:	false
SSDEEP:	24:5+qQi8DKtO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:Hvld5X2xS6GP5YdVmgIB1c6twg
MD5:	FDEF4BC2060A94AD7D8B3A8CCEC35825
SHA1:	9AAC49F933419C933CA004BBA22C29D5BBAA2E04
SHA-256:	767D31BC0AAFB33E55ED9DCD8020BE60C8791838654AAA15A721ACD8A7D2B1B5
SHA-512:	3F254BD526ED12BA5FF86A19A231524E8ECAA77510F8D0C7B1317888840C3D0BA7EBAE6E6ADEC4FD256224D938D40814A11CAD532F7880A2A1AF626A6F4F7178
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..zQ)..+..w...\Y.Z---8+8---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b97744a83d3d279dc8321aa8e229a2a614c74128d03cef5c7ec280620a99865a37e3e66389705b76a44d15a21ae445a2993fc2b5d53750f83880cc2c5973e76dc9dc0b46e5a28d260edc0bec526fbb7427f26d805979e411514d3979d118d16ccd1e51136aafa12c2

C:\Users\Public\Music\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1436
Entropy (8bit):	5.740437791997142
Encrypted:	false
SSDEEP:	24:5+qQi8DtnwrQPnSg9tO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:H2pNTld5X2xS6GP5YdVmgIB1c6twg
MD5:	2FAACDB569B107BD0C93CC747F66D587
SHA1:	1B75515B0CD902F9A30657999F02EEE2CF3E7135
SHA-256:	F813C33E7AEF6A9F2BEDAD88FE5C75D768A72EF1AB19D74A1B93BD616D147D38
SHA-512:	3510DE79EC380374F08C1DB5A8343C8A4BED3A02E390BE32D18AA83539B0FDA488DB92EBF2B79A80424B7D484F0CBD949ED67E24E8AF02370661AEABD7068167
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..zU{.x.5...O\.\.Q5.).O%....QC....T..........uW...n.Eq..L..2.V.....M .&....3.X[....Ss.......xrw.\...........r.N...m\|...\.l.u.<..eD..3.7k...;E..1..-.a.......C..>3..o_..k\|sE...[.......s...........B^H...B.T,.Uo---8+8---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b

C:\Users\Public\Pictures\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1436
Entropy (8bit):	5.717512825104021
Encrypted:	false
SSDEEP:	24:5+qQi8D3pQIeKjtO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:H+ld5X2xS6GP5YdVmgIB1c6twg
MD5:	EC4DB626BC313BFAF1C369DCB7EE750C
SHA1:	B2BC14B6C4B942C3F240F69B6AAD976E2DF9496E
SHA-256:	A555C161D8EAFAF628BD2AAA0F10CC59ECB8156BF1F29C8E91081873605AA063
SHA-512:	F4A50297A7E04EBD1A3DB8185165F87421516A224501D793CB3A225152F3D5D75C5E5209569CD73C018D408B626EE3484F3F9899BD27D086B966BF2A8E821558
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..z+/.i..N..7.P..$...wd.4..$.......U....j......y....tH'....B`...mv&q.q~}.:............se...Y..0.\|pg}9l.e.C..)t.C,....Q......l......yfBU..<....?........=..P...-.B._.qL.FZ^..1...s....#B.]42;..R..A...E..6.V.RS.Y..0fA...'G.---8+8*---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b

C:\Users\Public\Videos\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1436
Entropy (8bit):	5.742717228659507
Encrypted:	false
SSDEEP:	24:5+qQi8DYxJN72mytO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:HTJTqld5X2xS6GP5YdVmgIB1c6twg
MD5:	E5F1A5E6440DA244B1DC502D57216183
SHA1:	15B2F563186035B913DAC816862066386062D899
SHA-256:	FC1124A6F4AA9DBC6CFA712E6BE7B9A5A8A8BAA986FED0832751AFBC96EC835D
SHA-512:	38C8EDC4CEC79A77182A80435C6BBB447F80E5E6719230A3ACC16AB53CB65B1B6DF63363A8B56080C092DD2BB72DA4B1D8FBE71FC7BF568373320EC651173311
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..z1..c%....i....IuE....K.RC.b.....kl...D.O.q....m..=..P.(\|Jw....{..I..[w....wVI,.W.>....M.H.r.v[.f.=k.P)....I.D./h@-o.......~.q.Q."n.z...l_Y....4r...^.`...WrN13}.;J.7.a..^&..-Uf.(-.[...%a...R.+.p......[.....eK...]---8+8*---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b

C:\Users\Public\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1228
Entropy (8bit):	5.023633635880275
Encrypted:	false
SSDEEP:	24:5+qQi8DctO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:Htld5X2xS6GP5YdVmgIB1c6twg
MD5:	CCEC8D02C504A02057DE53724DF71C2D
SHA1:	DC6E5BCFE9A256BC563081C3E5DDD17E217345C8
SHA-256:	6A69B21CD03D14F6587858A1DEA561028215FA6470FA4E8BCBD199CE0A8976A5
SHA-512:	83A92C64ED19E047B33ED72FF90F0A1F6CF198B0897A5BC4B5AC65665DA7E36AB4309789678F6A3905EBD85E817E3AAC319B471FE3F237C6E38AE88A8CA726A4
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..z......k.U?.9..b.---8+8---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b97744a83d3d279dc8321aa8e229a2a614c74128d03cef5c7ec280620a99865a37e3e66389705b76a44d15a21ae445a2993fc2b5d53750f83880cc2c5973e76dc9dc0b46e5a28d260edc0bec526fbb7427f26d805979e411514d3979d118d16ccd1e51136aafa12c2

C:\Users\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1228
Entropy (8bit):	5.041988433090257
Encrypted:	false
SSDEEP:	24:vnKL1Se4ys33YwTgnjRCokafqQAPE2sMxo+tigfwXd/D4vd9olt:fA1SPcj+yM0uo+ggfid/kvr8
MD5:	CEEDE5609BC4B718C3A92AEA302BF072
SHA1:	12EAD697B1086A08A33BEDA0388516DBC9342D8B
SHA-256:	DB145CD75240E45259C170704130F3947B226638FF596F9993194331FD47722D
SHA-512:	26C8B800376EA7A94D7A7B6ABA25544E4FB9F774919DA8801DC72990FF9A1A2D2E28947001ACB61549418DBE984221C766609A279657FE90F4F9E7EB1F5D3B8D
Malicious:	false
Preview:	$.h.}...0........w.2]....$...s........Svu...{......v..zJ..fa...ezE..u......c....f(....A..a..fg^.bq..0N...7O,.L.(....,R..(...]...L..B.L.P.\/..s..:...U.If}..M...........f.z...gY=...---8+8*---786ac22ca48d71c03760b9ccda148564c7d7226915691bc0c4679ceedf1e17e46d71321380b731bc735eba2232e87f1e5863880750205cb8553d9386b620a954e35df76effcffd4b5a605cd6e7166745457b9134afcae1c6586452daf4b055e0d87f9e2351d24474fe1539c36fabf3e30bcc4e05d226919f8f4760a3885e8670a9ab68bc8ab605901ef1cdd927f4b56ad856e860967d5b1f6b882415ee2c24a41e7fc0eb2a80cfc5778cd8b1bd3c9622a7cbe7a91f37ebb3292b9d36d18181dacea64f93e13aa0b53d5f34b07fc56e147831f09c0dd6c86646d4ac20c95fafbef8df25f9c7ede69e43ca4a79bedc3f4c96918186004d2a6798380986841410a97dd6a0f998765b22c2ec47fecd9a8976c15b23d2b092d854b8b0ce18831ce8f8b0cb459fc052fcda05f545271fefef377eef953f19d06a7fa3792f1b00bd7f51efa8cf480d51f6aeb9262007ebcf2e8f27cb936432ca53570b66abc3cbec2f0c5711e6c17fed29cd12e66cfaa31649774028ace1846efd17c4b76731fc248b7ae2e43434ed4b4219ebd466c33efa7

C:\Users\user\.curlrc.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	4.246177039902789
Encrypted:	false
SSDEEP:	24:wys33YwTgnjRCokafqQAPE2sMxo+tigfwXd/D4vd9olt:Ccj+yM0uo+ggfid/kvr8
MD5:	71F192ACE6902DC2BF3A66D31922B549
SHA1:	4D9C475755769A95CFA7F40AA2CB14693BE0F51F
SHA-256:	FD134952F11ADA7BECBB67EFB4A7463010A0A9F9C41D866D4D3FA46071669416
SHA-512:	FE0DD910E9B3D0410350A696E993733D5E7B16874A2D27EA8A38D83F19A3E75AFEC37118077F7C5E4D0776F18B2DD7AC878ACF13391D2108BA9B1F1A93831EBD
Malicious:	false
Preview:	$.h.}...0.......9.....g...2..---8+8---786ac22ca48d71c03760b9ccda148564c7d7226915691bc0c4679ceedf1e17e46d71321380b731bc735eba2232e87f1e5863880750205cb8553d9386b620a954e35df76effcffd4b5a605cd6e7166745457b9134afcae1c6586452daf4b055e0d87f9e2351d24474fe1539c36fabf3e30bcc4e05d226919f8f4760a3885e8670a9ab68bc8ab605901ef1cdd927f4b56ad856e860967d5b1f6b882415ee2c24a41e7fc0eb2a80cfc5778cd8b1bd3c9622a7cbe7a91f37ebb3292b9d36d18181dacea64f93e13aa0b53d5f34b07fc56e147831f09c0dd6c86646d4ac20c95fafbef8df25f9c7ede69e43ca4a79bedc3f4c96918186004d2a6798380986841410a97dd6a0f998765b22c2ec47fecd9a8976c15b23d2b092d854b8b0ce18831ce8f8b0cb459fc052fcda05f545271fefef377eef953f19d06a7fa3792f1b00bd7f51efa8cf480d51f6aeb9262007ebcf2e8f27cb936432ca53570b66abc3cbec2f0c5711e6c17fed29cd12e66cfaa31649774028ace1846efd17c4b76731fc248b7ae2e43434ed4b4219ebd466c33efa770a5316f831d5342bd8b3e63cb6fa5e72e3fbb1195a23ec3f1e357a1deb2ddf3f1b68b4cbdf30d48d71298d9ded392dffe765caa819fcc5ee384cd0212aae2affbed8b9e1f2b54473b01160bc0f31a0e

C:\Users\user\3D Objects\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1356
Entropy (8bit):	5.496146261366631
Encrypted:	false
SSDEEP:	24:vnKL1SeExKJbkq+DQq7ys33YwTgnjRCokafqQAPE2sMxo+tigfwXd/D4vd9olt:fA1SvKJbZ+kqrcj+yM0uo+ggfid/kvr8
MD5:	208395F60E3746E2AC10C2BB5A4BE6FB
SHA1:	63501B5C4508AE09C18ABD008DD45B4AAD56290A
SHA-256:	1AF88C421B47A865B89C24F01CE0829E7C4FE8A9FD33247284BDB52DA4C8ED43
SHA-512:	620BD1BD7DFF12DE6D813E74AE51F1245F6508DCA861EDCB6D0D99E09AA9D37C737730E4F67E2A91D322B9F201D1E0A41D18ADFC491030CB09F6A035781FAE87
Malicious:	false
Preview:	$.h.}...0........w.2]....$...s........Svu...{......v..zJ..fa...ezE..u......c....f(....A..a..fg^.bq..0N...7O,.L.(....,R..(...]...L..B.L....Y&H..#C...]...#.I.j..!`...g....h#.w.q..(C..!.W....4yyjA......a.ee..l.P.[B..ci&.kn...._.....}....JEd....cN,.F.(l.P..z.We.5.i...r.`....<.......,.D.K'SA.P..5.b}.F..---8+8*---786ac22ca48d71c03760b9ccda148564c7d7226915691bc0c4679ceedf1e17e46d71321380b731bc735eba2232e87f1e5863880750205cb8553d9386b620a954e35df76effcffd4b5a605cd6e7166745457b9134afcae1c6586452daf4b055e0d87f9e2351d24474fe1539c36fabf3e30bcc4e05d226919f8f4760a3885e8670a9ab68bc8ab605901ef1cdd927f4b56ad856e860967d5b1f6b882415ee2c24a41e7fc0eb2a80cfc5778cd8b1bd3c9622a7cbe7a91f37ebb3292b9d36d18181dacea64f93e13aa0b53d5f34b07fc56e147831f09c0dd6c86646d4ac20c95fafbef8df25f9c7ede69e43ca4a79bedc3f4c96918186004d2a6798380986841410a97dd6a0f998765b22c2ec47fecd9a8976c15b23d2b092d854b8b0ce18831ce8f8b0cb459fc052fcda05f545271fefef377eef953f19d06a7fa3792f1b00bd7f51efa8cf480d51f6aeb9262007ebcf2

C:\Users\user\AppData\Local\Temp\tmp.bmp

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	PC bitmap, Windows 3.x format, 1920 x 1080 x 24, image size 6220800, cbSize 6220854, bits offset 54
Category:	dropped
Size (bytes):	6220854
Entropy (8bit):	0.023659002560192918
Encrypted:	false
SSDEEP:	768:1MJWWWWW19999999999999TsDFo99999999999990:1MJWWWWWUDFt
MD5:	C09F3B2A45D2AFAF362AB1B4B488EC29
SHA1:	C20661F43F785B8AEAB34BFE01D89774CC04B1F9
SHA-256:	154D1781B19070885989F92C1F77086E2E06DB413EA95E1884BE39570B80343C
SHA-512:	052F198462CFBDDBA68CAEC31AC7A4372AFD8808E97A4D22D6C8C9D80B80E14CAAB43E81307036842B80CCBB16B3B8881164BC0F4D9FEC5A5442CBC832E94383
Malicious:	false
Preview:	BM6.^.....6...(.......8.............^...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\time.dat

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	5
Entropy (8bit):	2.321928094887362
Encrypted:	false
SSDEEP:	3:LQ:k
MD5:	8371979223147775C9E22E45D0B4635B
SHA1:	1A6CCFDAABBA7201ADF9E61E4D237E6A377AB042
SHA-256:	5876D6B16F56408BE737F35E84F06D5ECE4D77728AEC511387189FCAF90AB8E6
SHA-512:	C01943718531DD9CFAABF29C3A293A90A99D00D8260207DB47A3C8AA59E865D7E27B927FAF9B0C0FF2AB2112456DC66AABE810612C581B212E01E6021EA1873F
Malicious:	false
Preview:	17935

C:\Users\user\Contacts\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1468
Entropy (8bit):	5.831528406544157
Encrypted:	false
SSDEEP:	24:vnKL1SGKgmp7ouJfPKQNFHXys33YwTgnjRCokafqQAPE2sMxo+tigfwXd/D4vd98:fA1SGgpzRyKcj+yM0uo+ggfid/kvr8
MD5:	D36BC2E540BA666D99C44E59FD6FAD40
SHA1:	117E43BED7F1175A5533499169EF6FF1B3AFE311
SHA-256:	40E6373C8E5C76984909457C5A83DCFEA889C4CD3119F35ED381EF0F88487577
SHA-512:	4AFCB134D3DC45879AE2C7B4788532DE48B2B9C9C320CFAB8412354D2F0883EE3FEA7326584269E2A91F6989CCD385CF5E4EDCA434F7020601BADCAFECBDACF1
Malicious:	false
Preview:	$.h.}...0........w.2]....$...s........Svu...{......v..zJ..fa...ezE..u......c....f(....A..a...".ME...T..Au....oJ...:.&..w......j.y...........R........nfE..f......g.....U{...?...=.Zv5.....i..P...M.S..y!>!(..U.wV....!B.T.[...\..\|.>......o56.v..\|......y.y.V87y.G.!m.Q. oO+...C...^.#...3d....Z..xU..4......5.. ...`Q...Y.s,..xt.b....D.....3..X#...<..Om.<.1v,Y.....hS.O[.,;7B.m'...z...v.-.V..F%,...sp....{..---8+8---786ac22ca48d71c03760b9ccda148564c7d7226915691bc0c4679ceedf1e17e46d71321380b731bc735eba2232e87f1e5863880750205cb8553d9386b620a954e35df76effcffd4b5a605cd6e7166745457b9134afcae1c6586452daf4b055e0d87f9e2351d24474fe1539c36fabf3e30bcc4e05d226919f8f4760a3885e8670a9ab68bc8ab605901ef1cdd927f4b56ad856e860967d5b1f6b882415ee2c24a41e7fc0eb2a80cfc5778cd8b1bd3c9622a7cbe7a91f37ebb3292b9d36d18181dacea64f93e13aa0b53d5f34b07fc56e147831f09c0dd6c86646d4ac20c95fafbef8df25f9c7ede69e43ca4a79bedc3f4c96918186004d2a6798380986841410a97dd6a0f998765b22c2ec47fecd9a8976c15b23d2b092d

C:\Users\user\Desktop\DVWHKMNFNN.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.790107881681686
Encrypted:	false
SSDEEP:	48:Bor2qgOsTfm/iOoYi0uG2Lk6cj+yM0uo+ggfid/kvr8:BorEO9/zohpkdjS0uYtsvw
MD5:	BB12B1C77A1FF4559022FB9EC11EC575
SHA1:	D1307A984AF0E94C61BB7264485A59C712ACB49A
SHA-256:	58DDE419FD50740A309A921249EC6A35F1E8E7B1FBB1F526457D5811C2638A3D
SHA-512:	21543562F19A938A8FA5E4FB7179ABB3219696159E6F7E0053FDDCCB94C4254FBA57AEA0875FA02A0C1BFB96442B45082BFE51595FC4A9930BD9FF76EB2814E7
Malicious:	false
Preview:	$.h.}...0...........$.O..P....i..V...R.h..Q`(...4.S.!.ON..~us.e....~...e'....}..rZN.~....S3\|...J?....}G:.\5..Jx'p.6I.$..9p.wZ....0b..P...}.s....6+.D..O.....w...R..@.....{.o...X......q......mO1\...m...O....Q.>,u. .R.^o.n.W.........T).....L.,...BIs...q..,+....0...i..G2m.g.{..br$.)..XKh..YV...fl\......+H..R....X.g".2!.n.4`.v..p.&..8.b..jq...8..R}Q.....a......~c.Ti...'i...n:..R.u...........y<.'8............p..t..tx..9.#..7..n.B(.h..cyo.....X..7Q.1./a.M..:H k...<^\|...c...k.`.Ih.....P....\|(.S........}..w..t....PM..0.A...R.i...?j..}....(..Lw..."....'.U.L...,.v:.v....~.Z..K...J.....c.6...<.H.4......:.<u:A.0.... .n.ynr<.%0.A\|.'.7..Y.4..8..+.....b..s....G.\|..2^........h....C.....q.id\|.....r9.8z.rW..,.w.=....&..&...:"ob...+=.lI]%.....R...l _...,.Q..._.....i...R..d.........S.......A.....s{ZY....j.5...........Ex.......x.n..R1.&.Qy.D...a*.......I...Q.U...`..[&1...S...7=......z.....\|.y).....{.0....=S;.....+W..@.2{.,`.H...r#.........MTp..j...)...<..o.....

C:\Users\user\Desktop\Excel.lnk.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	3507
Entropy (8bit):	6.036910774055983
Encrypted:	false
SSDEEP:	48:yen5BGGJ8uUaMl9xLUEyYudCMOXudSdMh0+jW7AjjvAlcj+yM0uo+ggfid/kvr8:r5BGZjY0G4uPh0+jpNjS0uYtsvw
MD5:	E3D76DCD14E306F7AB87BDD20F92C1A1
SHA1:	B95544CAC9F90B7490420BF4CFBD1FD2B2001A62
SHA-256:	ACC641B5769E83E4263D3FA0869571B6FA12878B153A5B929D11BB4F80A37716
SHA-512:	0637A30ACEC6A33EA2C252DC0FD7D9BB90F50DB05D9674093B793B1F75108A9A876FA3F19820F47A62BD603477710096590B7988131068EC70AA2183FFD04AA1
Malicious:	false
Preview:	$.h.}...0........E.....e.......u...2#Ga...._mz\..F.G.(d3...\|yX.Mf....m...N........O"..~a.9..#]@.....!^y..~.....B.F...j.4.~..9.M...R.T./..G..qK.s...?f.4S.pe.'..Z...._e......9w.kv3W.....Z.....$c..lDw..l..Q...]..p.z.U....M.m!...p.d..1...R.b .o.<S.y..#...w..}.^.@...^D..JG....Li.cJ...X..h5..6V.T.m.e.!.!:..M17E._tO.4.f..J.8....3..j.../..n}.._..6.`x.8..y.7....>Xe.W.,1...e'.t...h_..Y.O7.Z!g..m(.m.U.....X....(.t{b_M...X...>.m...pv..j....[.=.~.....W....&%f...y.2z....!it....~....?...p.%.xp...M..G.OI.X.Z..[Re...\L...1.&QA/.P..O..=..6.....V.+..e.qcj..).{.^.."DG`.b.'?\X.^.Cu....f.<.\.4...C....#......<.h.Ez..;o[z.J........... ..'..C....SX...8X.Z..2'..:.=<.8..u.P.M.....v.#...g..&]M.m._m.u.dL.b...a...y.p....a dFH.....h..N.....Nh.t..,a.Qi.....H.:n.S.....o1..\|jE.3=\(_....oDda7@q...{j..a...I....X.".]...U...C8.~ 9.]t..aV.<>.7...e.kut...>.OU...C&....u".....UG.9.#NT........ZW...M..D...D.#..'r...........#...5.g..7.k...9D....D..F..X.S..FA4.0Xl..<A.a..>.:..`V

C:\Users\user\Desktop\HTAGVDFUIE.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.758124410454681
Encrypted:	false
SSDEEP:	48:QzlLHBADdR3dmZ6Dcj+yM0uo+ggfid/kvr8:QJLHBGTIMAjS0uYtsvw
MD5:	70299169DB1D167A4DB6EA5A33E0D895
SHA1:	AFB32ADB82CF0DE6B216A48196F8523A437546C7
SHA-256:	7E10A8F71B95918168AC77A3E9EC48A82BEFA740864DEDCF616E9077DE0FEB3B
SHA-512:	65B4F24226C6E4246C5402D8AFC3AA310C484D587BB18AD212930ED18D16B81D550E564ED28477122F6432721DE0418D74277A3D348A9F9E14AAACF17E065278
Malicious:	false
Preview:	$.h.}...0............L.w~%......W`d..Q.5.....:.R...<...3.!.].)....n."S,S...$.ds..d...{C=.kKu..LGB".-.M.....U..X.`.(An.`.T.K.~...PcR)..B...R.5{.YW..H...X).G.I...N;...B.Wh.k.....9.a....a...x...rW.1D.VX.9..9.AA.6.VM...."..LO.%..._h.i@...Z..Q...{..{g.>..1...N.#..h.X2o..G.......!`....lF.d.2.(^.S......n......^.&.U.......!./v..{......j..l...._Q....Q.S.0.3ph....Q.gK......lP...f....`..&...>.+..qp.Q.$H.#H.u...b.....!v./G]..<...2u....7G.......B.U4..}.....G.....9...$.5..E....8X.d...K...O.B.3._.yp..\|.=Qx.62R..d.5...H.Y....F3'..v... ........i..V...S......mh[$..B..j.;.{ .Y...pL........L......c4."..z.4...4$...Z..'T5.A.X.z.I.8.'..[...l.wQ .zC..[....R.5..B.lSF#4.'s.hC.&3..._..`..v...._Wh.I...u.#u`.+..2...f.TN......Y..p_J.n.D(.e.nh.F..]........ Y?..)...V......v"dY9.r...T..yx...`.!m..gj.g.xa..A..-)M?.u..[..sW..g..Y..m...:Uzg.......Y.Ae...v.7.p.(.....GNq.x4._,...9...v.XdXzNk.<.}...'<.J~.p.'.tq...\|..*10....?'..6.@9.....J.n..h......79.[q.Ml.!7.......K.(+.BR.aNs..

C:\Users\user\Desktop\HTAGVDFUIE.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.758124410454681
Encrypted:	false
SSDEEP:	48:QzlLHBADdR3dmZ6Dcj+yM0uo+ggfid/kvr8:QJLHBGTIMAjS0uYtsvw
MD5:	70299169DB1D167A4DB6EA5A33E0D895
SHA1:	AFB32ADB82CF0DE6B216A48196F8523A437546C7
SHA-256:	7E10A8F71B95918168AC77A3E9EC48A82BEFA740864DEDCF616E9077DE0FEB3B
SHA-512:	65B4F24226C6E4246C5402D8AFC3AA310C484D587BB18AD212930ED18D16B81D550E564ED28477122F6432721DE0418D74277A3D348A9F9E14AAACF17E065278
Malicious:	false
Preview:	$.h.}...0............L.w~%......W`d..Q.5.....:.R...<...3.!.].)....n."S,S...$.ds..d...{C=.kKu..LGB".-.M.....U..X.`.(An.`.T.K.~...PcR)..B...R.5{.YW..H...X).G.I...N;...B.Wh.k.....9.a....a...x...rW.1D.VX.9..9.AA.6.VM...."..LO.%..._h.i@...Z..Q...{..{g.>..1...N.#..h.X2o..G.......!`....lF.d.2.(^.S......n......^.&.U.......!./v..{......j..l...._Q....Q.S.0.3ph....Q.gK......lP...f....`..&...>.+..qp.Q.$H.#H.u...b.....!v./G]..<...2u....7G.......B.U4..}.....G.....9...$.5..E....8X.d...K...O.B.3._.yp..\|.=Qx.62R..d.5...H.Y....F3'..v... ........i..V...S......mh[$..B..j.;.{ .Y...pL........L......c4."..z.4...4$...Z..'T5.A.X.z.I.8.'..[...l.wQ .zC..[....R.5..B.lSF#4.'s.hC.&3..._..`..v...._Wh.I...u.#u`.+..2...f.TN......Y..p_J.n.D(.e.nh.F..]........ Y?..)...V......v"dY9.r...T..yx...`.!m..gj.g.xa..A..-)M?.u..[..sW..g..Y..m...:Uzg.......Y.Ae...v.7.p.(.....GNq.x4._,...9...v.XdXzNk.<.}...'<.J~.p.'.tq...\|..*10....?'..6.@9.....J.n..h......79.[q.Ml.!7.......K.(+.BR.aNs..

C:\Users\user\Desktop\KATAXZVCPS.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.7562863158460065
Encrypted:	false
SSDEEP:	48:AOIQdnV/LzmMWhV96XYM3cj+yM0uo+ggfid/kvr8:AOBdnV//mMWhypsjS0uYtsvw
MD5:	37A7B37376B4AB1848EFB30157FB4AAF
SHA1:	44E321652F6110EDACE79968EAE3A89666F4C465
SHA-256:	77D97E2DCA629B61C14C6CEB959DA01F19523B2A61AE77319C17179CCF570F17
SHA-512:	3D1AEBE8ED7A1BD502A5A7C705FD1D1873A00B0A3BF521CE8CE0ECF76EE2F8C964960C292E2CCF0DC1CFE01459F8962E99F7B181B4E8143DD769EAF334E70DAA
Malicious:	false
Preview:	$.h.}...0.........E<.N.....B....}..Y..!J=...;...M_B..2.b.HY.8.]./1.".fnp>j...Yy-`..V.aF.-.8.Z....O..4...zJ........X...<v....b..r...".2.V........5..i.....E..,.......O...OD..Ay.....?.......A.Wt..m...L..[....>..=;..v...."..\..;...t...h.9...NAoe.u. ..=...?.....h......$.W.f.$.E....0...~.M`B..--Ox.'=.y....isXt.......\.....$.{....:...$A.q.i..W.d......g.f..~@LP-.......3q0.:~.7.d..D.uZ..c..9.e...._...o..:..Rg.-.U..,}.2h.Yt.t....\Te$....X.KKr...D..X..;0.....K].H..^P.F.o.m..4k.....$.c..gfN....Z....W..I...g]X.n..R....$..`V.c7k.....m^,.RV...!......r......qU.Nu.....9........hu..c;o.....L.W..f.l9...H.y.y......w..e..q5.1..W..+5t..x.?`.-c...i..>2...L0`.L.U/..8....:...1{#i.ZJ..l..>J.......s.fg..4[...}).VxSoj .V..l.'..P&,$....`V]u...;z.y...c.M$...W.5.K......u..\|...y....G..ra.bY...b.,.5...Q...A..`..J.....E...R......P%..^.%...........B ...h.5n....N..F.a.%.... PX./c.fV.%\.#..Iq.._.3We."............._F8......5../@k.ytE....3.$.._.*M......J..r...J..

C:\Users\user\Desktop\KZWFNRXYKI.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.792810026564507
Encrypted:	false
SSDEEP:	48:MheDbA5QPUOJIdUEEcj+yM0uo+ggfid/kvr8:ueDb13IdtvjS0uYtsvw
MD5:	B513272269C2A02AA484C77DBCC5A00A
SHA1:	0C3F1E6A07AC08376E45B1FD25CDB3930575A8BB
SHA-256:	08D8D5965FF56509813117CE518468395A3BFF019223924F32758707550B18D3
SHA-512:	5B597B8098DAF3345FCB06A325A264A2400901A80DC49875719F8461AED8F1E1B14CDCFC5B15057921D3FAEE09A76C274E6B041FEB5879BE807B3D503B2C72AC
Malicious:	false
Preview:	$.h.}...0........]..J.v..mg.8....m..v..Q....7jJ.. ...p.`O..5mHd..u.w...v<..?N...-.XN....#.C..FuJ.....I.?....,s.9.T..w:.4\p.;..I...........D..J.eAz.y..o.~.b3v.J.EX..;..X&..H..f...J........1\|../..H..L)9..i.x.".I.&.\|S..v....."Y..B.2!...!3.../.\..g{..#..........[~.....s....j...c..v......p:.3j\|.E.......-.........J...0........b...))..l..v..R....^.:L.Sh....@.<&....ksH.1{.B?3.kF..6.Xy...7X....L....2....-I...B.S..`......g++.............x.j...5.$U>.0.;B...o.[.....Rm/.w/N.P........;[..&...=.m<...v..KU.5Y<Gtn..B.....I..'w.r4...5TK..x....L.K....+.....8..O..#..w6....b..7I.#.8.X..<.<R.Wo..;KA.-&.../....o..4....w.V.t'...E.......j..[.P5.A....!.i..wN...d..Q.+.p......EF.,A.....s`R....<.....A..}....>G.}.../....2.L.,M,.....8@.....cJ..S....5....,.@....&....,.O.w.\|$.=.s....ym.........X.g.W.7..."qaH..0.....f.!>.\...?.S.....D.....w..[...p..V......3('..*.Av2l.C..$.(x-.".?./...+.F....6z.A^.........@.}C?.....a._+......G...=....).6...l.t....x.`KG.u...s.]<..PV\Y.

C:\Users\user\Desktop\LTKMYBSEYZ.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.75578737172799
Encrypted:	false
SSDEEP:	48:5DjMG/OCpPktKaUjvetRcj+yM0uo+ggfid/kvr8:5D4etqtk+mjS0uYtsvw
MD5:	8C373C9B3FD2E38F503B0DAE4EC7D050
SHA1:	9C32DE3E8D77C6B9333B3EFB3CCC15120C1FC3CE
SHA-256:	503AB871910FD15DA45F9918CCCB27A7826B4CD39161A9A4883FD66F8BAC00F6
SHA-512:	5FCBB1ACA03F2D8C51F76276288527C49FC4ADB931A2E5C9C9E4436D61C3F06C05D072926CD8ABD564932CE0458AB50D24D86E262E5C31EEC7ED7A467D8E3878
Malicious:	false
Preview:	$.h.}...0.......+b.L.mdV..zFo...5cVW......:....@...=.z.....q..I..b.x..l .~...n..x..5..gq.....TpE.e...%...d....qkYa..R.$.[E-9....W..C.0.....0._.0...^..<...V..]I....$.O.+.$.B.....o;.....m.(g......CB.w..(...{....B..9.s ...J......c]!..5......X..=.....i.E..Z.."z..%.=. ..g..J..U4k.o...9._...N1>V.7~.._N....X.T....#.>......p...3E5V...1DL..#1?......5<h.K.....>]a..,f.,..c)..&......?m...'Y0..?..}s".....IE.P....au(....p.....~..N..D...l..`......W......,v......b.T..7n.I.m.f$,m..3.....1.r../u..:..v.R..w.A..j.e..$n.'.T.X..{..].......k....W.a.m..N...:U...........7......].....'.P5.;...h..~.8.Y.L.1=5^mL.X....?\K`(a7v5...5uD.........9.X.-...GD..8.....+...'......N....3.].w.e.M..L.9.4$u......,6.<.r..7@9.>N%.V....u}I...0..2.{aM(..G...".e..o..}.p.g.......K@+.....\......f...B.H..c.Y.X.<gm..ZV..O...?4).......t..q....sr.....~x..R&.........j7..h....._j@...y..m...>.<.....#a3:....g.p.....(2+.. ..t......_..`.u.p...p.^..<R..W".....dK...m0...4.B.Ln.......(.H2..?~}

C:\Users\user\Desktop\LTKMYBSEYZ.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.75578737172799
Encrypted:	false
SSDEEP:	48:5DjMG/OCpPktKaUjvetRcj+yM0uo+ggfid/kvr8:5D4etqtk+mjS0uYtsvw
MD5:	8C373C9B3FD2E38F503B0DAE4EC7D050
SHA1:	9C32DE3E8D77C6B9333B3EFB3CCC15120C1FC3CE
SHA-256:	503AB871910FD15DA45F9918CCCB27A7826B4CD39161A9A4883FD66F8BAC00F6
SHA-512:	5FCBB1ACA03F2D8C51F76276288527C49FC4ADB931A2E5C9C9E4436D61C3F06C05D072926CD8ABD564932CE0458AB50D24D86E262E5C31EEC7ED7A467D8E3878
Malicious:	false
Preview:	$.h.}...0.......+b.L.mdV..zFo...5cVW......:....@...=.z.....q..I..b.x..l .~...n..x..5..gq.....TpE.e...%...d....qkYa..R.$.[E-9....W..C.0.....0._.0...^..<...V..]I....$.O.+.$.B.....o;.....m.(g......CB.w..(...{....B..9.s ...J......c]!..5......X..=.....i.E..Z.."z..%.=. ..g..J..U4k.o...9._...N1>V.7~.._N....X.T....#.>......p...3E5V...1DL..#1?......5<h.K.....>]a..,f.,..c)..&......?m...'Y0..?..}s".....IE.P....au(....p.....~..N..D...l..`......W......,v......b.T..7n.I.m.f$,m..3.....1.r../u..:..v.R..w.A..j.e..$n.'.T.X..{..].......k....W.a.m..N...:U...........7......].....'.P5.;...h..~.8.Y.L.1=5^mL.X....?\K`(a7v5...5uD.........9.X.-...GD..8.....+...'......N....3.].w.e.M..L.9.4$u......,6.<.r..7@9.>N%.V....u}I...0..2.{aM(..G...".e..o..}.p.g.......K@+.....\......f...B.H..c.Y.X.<gm..ZV..O...?4).......t..q....sr.....~x..R&.........j7..h....._j@...y..m...>.<.....#a3:....g.p.....(2+.. ..t......_..`.u.p...p.^..<R..W".....dK...m0...4.B.Ln.......(.H2..?~}

C:\Users\user\Desktop\O0dZdy12ak.exe.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	6671388
Entropy (8bit):	1.8144918431201122
Encrypted:	false
SSDEEP:	24576:/pMJWw0bITXB6Wb5tdV3yWHDDWrbQzzH57sFqgvc:hMJ6bAB6WndV3yYDWrbQ/H57sFqg0
MD5:	EEBE284A87B0EED8FCAF8FB3C3CBFFAC
SHA1:	79827F208ABB77F58F2504C7CDF1DEB14142EB3F
SHA-256:	71A3190B25EA45243C5ECE48C7DB5337A245446226C69B431DA8F1315D0A908E
SHA-512:	AFA63B6B97661DA02E5B5FFE71B8F56C0F0C841B7A695F007F9343167DA724B0E8142272D7297A06906AEDB07E00BCD1C51112367622D4403D84231EF6FFBD19
Malicious:	true
Preview:	.}>..y.....}8#{..H<.K....t............"s...u......y...g.@[WEB.P...F..........1...1z}"...~d.!...O..s.i.1..5...e....A...k..4...Kz.......m.S._.(u. ..4......W'......i..p..4.......R....t6.. ....DW.._.~...p.....M$...~b.....]....2"L........T...eo.......,}.?-;.}].,.36.!...m......^&.,0^..f.)..\|......{..p..x..A...OQbh....s..[h..9a......D....h.9..7...C.....M.z.\|e.."-'..7.iR.._.R.o..i(?A.HJ.....aS,...d..G.j=...n.....n.....F.]1MM../.~.T8..H`>.'~_.........C.}A!.31...8.&.D..:Df..M.?n.J>\|$.>Lb/0...!....mB..z...AD..3/..Jx ...0......G...#.:....c....T.D....T.L'..H./7....>...[b.S.9wc.c.{.#............).0.']....7.}....I...~i9.T.^.{.3R.L..).^,...?...H.$(.._.;kg...n......x..$.e...3<..}.A..D..vQ.0\..Lq...GU9S......D...$.....C....~.....Cz....A3t{_....5'...F..tx.>..>9d&tJ..u.. .j=.y...Z.4.\|y.Jr.jI.%.:..E...)V..&....\|J.>..I{..F.-..:.V.....iy.7.3..@.cq..........{C.J..._..&....}d:...N.?.:%........o.n,...(}=vH.T$.?.i..^U..9.#...;...pU...it..D..\|w.,g..pa.;..B.ww{..KC{..

C:\Users\user\Desktop\UMMBDNEQBN.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.743935521855639
Encrypted:	false
SSDEEP:	24:RHsktPUO0AABMubS6Cmd6V2NdVRYA/ZqCARyKXIFkmmtlEcOzhVUi25LvU/QoiqF:iktPUOCGAS6Cmd6VqR5O4FLLh8CiBy1D
MD5:	611815D543E846C3FB1225637F0DF61E
SHA1:	9708F4E33BBD01ECFCEF93BBC83C9441C3580E4C
SHA-256:	3171F236E3AFCDF96372346F63759A4959282BB6B23C050457B0F26B098B15D4
SHA-512:	D9053BFF776F7FDE7C948AB4601F961F3ED81C6766BE1E5981468A963B2629F9D3091DB64147DBFBBD77CA11E806DBB73A8EACBC09B6B4121A529B62318A9E4A
Malicious:	false
Preview:	(2v...;.p... ..^.L.(./G....;. ..G..b..L.?.M..p....wQi...\|.J+.lK..\|Y.k........c..S..4...1+4.0...L..........G5....+'c4.~.H....N...C.I.!..a.$4M ...S.....+..oca.Z/...0.}..v.MYV....S..T....?.JP..4..r..1.kP..R.4..A;-..!j...C..:.....Jf...C9..2....~f.s...Y$!..=....CDHE.G.\..R.e...@..#...&....D.k.....h$.c...f^..>....A7y..c..b....Z.X...&(.w.c....Q.C.9...??...7.S>].'..n.[r. ...t...V.%..s}...>t9.l...pA......t2]...)(.....#..1....C...m1..f?(:........2.h_l....................a..A.Qib%.6......&J.._,..&).h....q.+.r....3.....6..{.H.....tQ..[..Z...m.6{X..y9............W....!\|Z3...........F.I.F...$...\|.. .b]..J....`.r.]...1..O.Q.2...j..\|.....mtu#... S../.D....y3C1#....n.!.B...rn....O.q..:+f%..b.}.1.{.jH.'.F..j....-xI...w........ nc.%.olg..I.K.1..z.y.s.$F.~GD@..\.L..{...XfM._..g.[..R..?....h.....!..H.\i.oG}V..3..L......7....a...8.,......K..1.........../...I...B"E../.fE.."..m.Y..&.ao..T.\..K..O......3....<*..r...?Ujs.qp....mb.G....V0m..2.S

C:\Users\user\Desktop\UMMBDNEQBN.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.743935521855639
Encrypted:	false
SSDEEP:	24:RHsktPUO0AABMubS6Cmd6V2NdVRYA/ZqCARyKXIFkmmtlEcOzhVUi25LvU/QoiqF:iktPUOCGAS6Cmd6VqR5O4FLLh8CiBy1D
MD5:	611815D543E846C3FB1225637F0DF61E
SHA1:	9708F4E33BBD01ECFCEF93BBC83C9441C3580E4C
SHA-256:	3171F236E3AFCDF96372346F63759A4959282BB6B23C050457B0F26B098B15D4
SHA-512:	D9053BFF776F7FDE7C948AB4601F961F3ED81C6766BE1E5981468A963B2629F9D3091DB64147DBFBBD77CA11E806DBB73A8EACBC09B6B4121A529B62318A9E4A
Malicious:	false
Preview:	(2v...;.p... ..^.L.(./G....;. ..G..b..L.?.M..p....wQi...\|.J+.lK..\|Y.k........c..S..4...1+4.0...L..........G5....+'c4.~.H....N...C.I.!..a.$4M ...S.....+..oca.Z/...0.}..v.MYV....S..T....?.JP..4..r..1.kP..R.4..A;-..!j...C..:.....Jf...C9..2....~f.s...Y$!..=....CDHE.G.\..R.e...@..#...&....D.k.....h$.c...f^..>....A7y..c..b....Z.X...&(.w.c....Q.C.9...??...7.S>].'..n.[r. ...t...V.%..s}...>t9.l...pA......t2]...)(.....#..1....C...m1..f?(:........2.h_l....................a..A.Qib%.6......&J.._,..&).h....q.+.r....3.....6..{.H.....tQ..[..Z...m.6{X..y9............W....!\|Z3...........F.I.F...$...\|.. .b]..J....`.r.]...1..O.Q.2...j..\|.....mtu#... S../.D....y3C1#....n.!.B...rn....O.q..:+f%..b.}.1.{.jH.'.F..j....-xI...w........ nc.%.olg..I.K.1..z.y.s.$F.~GD@..\.L..{...XfM._..g.[..R..?....h.....!..H.\i.oG}V..3..L......7....a...8.,......K..1.........../...I...B"E../.fE.."..m.Y..&.ao..T.\..K..O......3....<*..r...?Ujs.qp....mb.G....V0m..2.S

C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.757772660224696
Encrypted:	false
SSDEEP:	24:7vstZI2Tb3fBijGk4WKeQZkMJ9m/7v1HV0fdCARyKXIFkmmtlEcOzhVUi25LvU/P:YZIo3dXejMJ9I7d10fR4FLLh8CiBy1D
MD5:	53BB9D5BDF20F6CF1314A69C1C3F04B0
SHA1:	4E1043F1DDBF78D0E6879B70977A2DF9A359BB28
SHA-256:	54409DD163C432878C758DB9426BB70113284F7ECFC9B594835B9965AE4447ED
SHA-512:	C6E0B1432312BDF20EA39013F4F8D59DA6C287678A7FDFD462DDF590AFC5CBB78D9C569B4318F26E2DA403D4B99DBBA60C5677D12E1D084BDE521ED0B8FF6191
Malicious:	false
Preview:	(2v...;.p... ..^......O..g..P.5.}v....k^.H.UMD....,..j....8#.+`b<p..{1.j."...:.....o..zc.._...No.....\.._..p.[...l".!..4.,..wFb....+E........G,..LC..w...O6..5R".R.k.._.M.../..B..`coc.OCb..+S....E..U..^.4..b..5..[S^.......n.q2..o.2.#....2.........g6.!.....AQ^.vp.)`.....2.<.a.2..'....$M...d[..J..R.W.TE.3..c..j.._.c".........VzIw..o.N.<....D..d.......G.. ..~\f.....)........,....a..u^T@k\|]...6..-.~.z.m.....x....t..MK...K5.O.]..X3.{..]J.L...It&..O\dqn..8.R'..7.Y.v1.Z...<7U;%...P.+A]..Hy0(~_'....57..........M..X..#.....-oJ.aXdruhE>5.........h.V.}.&....Dfd6j.S.1.. .../..>....LM_.s5...0..Y.)....5...B^.yl.}P.>...................=....I.@r..7.W.J.G.3.m.W.. .1./......:U..u...$."....v.....#.....].9...5...,&.........Sy...I']P.@..]F.+.Y..$.....'.@g.Z.........\....k..8.y!\|7Ze..V.n..d..%........Y.....{.`.2.k.S.]..h.~s......Y...pP..k.Ivj..s.S.8].9.Z..?6.).}...5I..=3..z.xE...K.q.....B.....]..^.....b.Z V....U..%..X...w.q..U...!K.~Y............X.~..7.

C:\Users\user\Desktop\UMMBDNEQBN\KZWFNRXYKI.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.753095586531855
Encrypted:	false
SSDEEP:	48:okYXTpLeq3rS+7R8I9Uq74FLLh8CiBy1D:oksTpLep+V1aq7uLLh83iD
MD5:	61F65097A7BDB8AF3F28AA300E387371
SHA1:	4DA24DEFD75E523BC629D493BAC22C67D2D58FCE
SHA-256:	4292DC06F0465D3D6F9554136DC411F6BF3D0CDA1E7536BF278E8F29DDF254AB
SHA-512:	0ECA31FBA34C262CEBC988B36239D0B2642DCECBA7AFDBC759A363153FD60FBA11687FBF3A6AF5F101C6A3D0CBB45C9077212A26FF79FC34596AD2D4FCE0F768
Malicious:	false
Preview:	(2v...;.p... ..^Q.m.3..E..>_6.ZeK.S.u..x..z.....h.%?...DX.]._..>0.P......,._.d....h...d.SAP.........H.b.z..."KVA.J.3..=jW..b......!S...I.\..D..l.J.(...w..0.}..:c8....1.M..........J.B..' =.....m.2Z..\z>m..\|H...jF.....-.b..&..D....3..x^z...4.<...u.K}k.>Ct.X~....+....e:.[..{..\|L~.......4?./uD...hy.q.....LA.+.\|..Uk........%.6.Y.F+~...L....".l.}.#u..5.P...h.._....Ht...v.OP2t.f\|LEw.C.y..'.T:Ze.L5m.....h\..l.6\|.3..H....o.jM\A.e.Z....z#I`.....#..........\|.i..H.4...aUY..D''.I.M....-Gl....8.f.60....T.....).?..).`_....V..-.....x....9.}9.E.7a....W.x...M..h...mq..(..e.G.e .z.T%..s.w...7......d..v....{.../......j)..8...[....n01H.....C..I......(.'o.N-.&V..p.W..9m.Z.3...r'.X.....d0....^.lgu.g.....J....x.G.B.K@k..h.l..+...t{%.M.w.KH..Z....4......u.{W..hs.._O....'.s.0s.....W.........]....................G..f\....W..............t.7..b......m9...K..-py+M1....j.w.4...I....[..#d..fh!....$..].T.A.......iiM..A..Y.R...%fQ.&A.........D[.a..]........A._Hs#..*.L..7L..

C:\Users\user\Desktop\UMMBDNEQBN\LTKMYBSEYZ.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.773150220444779
Encrypted:	false
SSDEEP:	24:A8UXHuZhG6AKYt6KRLn7SUEbfM+zKtJ9cL3SwIZCARyKXIFkmmtlEcOzhVUi25L0:bBs6KBmbEdJwi9l4FLLh8CiBy1D
MD5:	44F3B8471B856D4D1E73AF030F00B3B1
SHA1:	A12810219389CD3564FCEA759E437970BB4FD043
SHA-256:	3F7E071038398BBAD12A3E694BE2336643A4FAEF9199AD3CCCB7C244A10CEAB6
SHA-512:	972B2765D0A627272D710805136F57601CB72E5B47D944AE76F89E0D9E132298F9B767AD00EE99B7204B3E7251655496A3EB63D9C015D12E9FD1F3DD91E83137
Malicious:	false
Preview:	(2v...;.p... ..^...C..{h..'"-....4/2j...J...r.N.J_/.......,V.-.)....y4K.q...$)...CP.e........D..qnQ..RN.z...:S.>..`...2\|.e.'...Fz...2%9}q....;............H_\|I.~......n7Q....A.../.&CW.,.b..}8a....I.S....O..Z..8.....P{g`'8..Le[!(..[s.,....z...R...............9_.....G.>..z..,ZdAk.k........V.L..w@.Q.u.Ur...{....;..B.....a...l.L-.P.....8.m.;.Q.0........$.Z.9W..J...u...B.......H....Xw.....?...XG...~.t."..!.(.9,../...%<&....S>.t.]......?,..{9.Gc.....Ur..H.f."..\...V.J.&.X..N...f...&...B..ue)..H.u.m..K..i.......vy>.p..._.L.Z..k..Pi.d.?..zmY+aP,8:x.v..E.J.y..o.d..lbj..{..<...@.;...`F..+5.~.....i&}.'....=a..k.l7..M......h.....-.<A.N^M.b...k....&C..VQ.EgFfV..... {S5......S...G...BzO.K.$......c.M.T.C....y..._.):.g%%!.....BC...Uhb..N...5A..?r.R.h.o5.._.'&.S.l..\|p].e.\|..',>..x...\|.z...[..`..{s...K_?0........'.1...z.......*...4..!....[#(...H...'].Bg.E.'Q.<.%Px.2.c...P......M9wW.e......E.'`.9)...2.tR,dT"~1w..{.\.....\ 5...A...%)...'(....9...#.......?g\|.

C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.743935521855639
Encrypted:	false
SSDEEP:	24:RHsktPUO0AABMubS6Cmd6V2NdVRYA/ZqCARyKXIFkmmtlEcOzhVUi25LvU/QoiqF:iktPUOCGAS6Cmd6VqR5O4FLLh8CiBy1D
MD5:	611815D543E846C3FB1225637F0DF61E
SHA1:	9708F4E33BBD01ECFCEF93BBC83C9441C3580E4C
SHA-256:	3171F236E3AFCDF96372346F63759A4959282BB6B23C050457B0F26B098B15D4
SHA-512:	D9053BFF776F7FDE7C948AB4601F961F3ED81C6766BE1E5981468A963B2629F9D3091DB64147DBFBBD77CA11E806DBB73A8EACBC09B6B4121A529B62318A9E4A
Malicious:	false
Preview:	(2v...;.p... ..^.L.(./G....;. ..G..b..L.?.M..p....wQi...\|.J+.lK..\|Y.k........c..S..4...1+4.0...L..........G5....+'c4.~.H....N...C.I.!..a.$4M ...S.....+..oca.Z/...0.}..v.MYV....S..T....?.JP..4..r..1.kP..R.4..A;-..!j...C..:.....Jf...C9..2....~f.s...Y$!..=....CDHE.G.\..R.e...@..#...&....D.k.....h$.c...f^..>....A7y..c..b....Z.X...&(.w.c....Q.C.9...??...7.S>].'..n.[r. ...t...V.%..s}...>t9.l...pA......t2]...)(.....#..1....C...m1..f?(:........2.h_l....................a..A.Qib%.6......&J.._,..&).h....q.+.r....3.....6..{.H.....tQ..[..Z...m.6{X..y9............W....!\|Z3...........F.I.F...$...\|.. .b]..J....`.r.]...1..O.Q.2...j..\|.....mtu#... S../.D....y3C1#....n.!.B...rn....O.q..:+f%..b.}.1.{.jH.'.F..j....-xI...w........ nc.%.olg..I.K.1..z.y.s.$F.~GD@..\.L..{...XfM._..g.[..R..?....h.....!..H.\i.oG}V..3..L......7....a...8.,......K..1.........../...I...B"E../.fE.."..m.Y..&.ao..T.\..K..O......3....<*..r...?Ujs.qp....mb.G....V0m..2.S

C:\Users\user\Desktop\UMMBDNEQBN\WUTJSCBCFX.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.768289943014402
Encrypted:	false
SSDEEP:	48:VMuGYya1C8U3wgikyPEJYqa0m4FLLh8CiBy1D:VMuGYyMCF3RLNmuLLh83iD
MD5:	5AE8A7E957FEB3FADFAF35E387A07CC3
SHA1:	677A302ACD3882DC3621FA8DD3410DD76A2559B1
SHA-256:	51289C94A2483CFDEF14CB2D6CBC7F5160A405FC60BA33309EE53C2CFC0B0173
SHA-512:	853C21680B8CB0B87C2967C290C96762E0BDF68B54485B59BCD70BE1E7C11067547B14659A9B98D4D91FABF7BACC96B6F0E117C7BC7648C74B268A65FBF1041F
Malicious:	false
Preview:	(2v...;.p... ..^1.!~...Hmg...q.........m.......m.,..ds....7....5.q...U>........H.O.S%..E.0.2.w....."....x......t.D.$.=.....~......3[.._U...3..}D...,.....f.......5e..#..C...<V.p....ai).D....\|..x_6;...u....N.p.G^....n...F.m...K...IC.o...8...B..,..M.......d..TBK.....K.?.........lJ......w.Qh7..k.y..k.e.. ..T...G3.(.g{q....6sC..wD...`II..B.u..P)m4\|..7....n"8...F...r;.s....,...=...D..?...E/ ..`c.A6..H.U.F..m&.[Gs.."..B9..}F,.$t..>....T..._.....}4. .v(.{....V...O`.W.......nT...3l.fc?u..?.mk..x._.......4......'U..ZpuA.D.z..6...s..i.:N....?N..?f.!\|........B....M_.s.........)......X..P.j...e...&HK..!..wJ.P<........cq..<.+w\m.........:...m.s...8.....X."u2..G.m.F..D.+/.....[.C5v.8.....Z...85.)...h.b..(.ZO.....j..Q]#...P;..U.`E.y.....K....E..el.6.n..?.nX..F....YC.9...io..#+.8..s......ak.Z\|.\...b"...jt..Ms.Z....Mm.k..:hUhf......t..1 Q,E..H....2.......\|X.W..F[.qw...U.]WQ8}8>~w..FLC....x..E.v.`...B.~.....]........I.....I.)..AJ.l....z..3....S..+

C:\Users\user\Desktop\UMMBDNEQBN\ZBEDCJPBEY.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.770540904821082
Encrypted:	false
SSDEEP:	48:XqjvffWk4X2wxizKnXa9OJKDbFOnjDgNCUoA3VVb4FLLh8CiBy1D:ajvt4X2wxizXUKOnoNCUosTuLLh83iD
MD5:	09D9B7115964C8E96041C83167B3DFCF
SHA1:	5B906B24B20605EC5D2E1EBD16322F27C34C86AC
SHA-256:	3EE7FE289D643E30A992FE842E78579E9488CB1CB59AF783487891CD2A51C462
SHA-512:	CD67C89628F9B7D574CD5FEBCD158BA98956115E6B5333F1FBDA33F69473F507F9C765936D05D079C0BD245F95408F3FFD93C03BB5189959E8DD9D55289EEEA4
Malicious:	false
Preview:	(2v...;.p... ..^...gX)..`:...(H.~'....I.`.u^..e.&.v..U....H.....!..yQ.....#..p).....?.<.m.Y.?H....g.:7m..T1X..`....#.U......6...{%..i..g.k..~.}."...KC.Y......J-t....I..8.3m...xN..m.D..Lw-.e7.b..`.._/.).9..bF....7.=..8.:T.R..).%S.<P...B....z.vv......(B...LxV..[Z..n..g...R..W+............?.N...bk,`2.....b.m.....t...lcd@..$..k..L.e....O..L.e..dCXa.....^tL......a.@..f.Z...:Ri...-..Ey..{X[.%..........3...W.-Y..."O....-.\|u.[...;qPNa.b^u.J.3.U...57!..........y...<...O6....d.x............\.JgU.m...G9...(..j._..^...6`.../,/.../.T_.gpg~M.....lRlB.:v......\|..yXH.....y.....}.}._....9......o.. .y...A...J(.._)...b.W..N.$.d^...vG.._.L\;A.;....t...^.q....s.)......Z...p.J.j...(..EF(..J..Q..xQ....+m..?...+Tj...."+G..7v........".L.....:.H. ..O.WgTC.1.0........T>.-.._*....Pi>...(..n..On.cB..BW.".s...(.....^.I3./...v..l..RI%..s.eC./.g.4W.S..ma.m...+..[.L!.....b....Yn\u.A..$D.B..b.w.Zl.x....h..........W.L..YGY.......fFb.2e.v.t........g..qz...R..\.$..E...

C:\Users\user\Desktop\VLZDGUKUTZ.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.757159234100293
Encrypted:	false
SSDEEP:	24:odvs75mYmYvPI4AdsIILn4yBDGsmBJMtsJP2CARyKXIFkmmtlEcOzhVUi25LvU/P:oz/Yvw4pIIz3DG7BJHPk4FLLh8CiBy1D
MD5:	5768D7E61AEE3FCC5D48379BC083E94F
SHA1:	69A6CA978CE89356A3C8A274A8E539C2B0A786C7
SHA-256:	AD952778BDD4EC677EE5D82C1C722E8E4ED616D20CBFDD4AD1C7298566671DA1
SHA-512:	334DE2D8DFB0A3CB7EE5DEEE9744759BB49587A0D8BEF728C2E20E259C16C0456E18EB57176C7FBB265EF70E6316491A7ECBEA8F4940093CDE786AE7A3BC82AF
Malicious:	false
Preview:	(2v...;.p... ..^..1...P$C..6.t..~{#..Hc.&......d.....2..K..gp.S.N.....m{..../..y\|.5.6h...2.xXM.....r.or..;.'....g."....I..n.^...w...Y .v...[C..a.o..ZPG...E.7FgW...,.. 2....p21.....)y=.gy... .hW......k_.fj...#\|xG$.p5x.5.>._o...k.&.Y..>\|+D.h.....^..sg..g...n.q^.8.#.O!..>"}...G..:.q......{O...oQ..%k.=..u...V..."....t....U&.)...68...69....p.eV.P..H.h.G...RX..W....5h..=~B!\...0/....]...o9...i-.8.....G.>\..&.Cy..G.%.?:....X.!...c. B@...=.q...D.V....cd.c...W..jZ.k.....Nl..v2d_....Q...].L..M4.VQ..se..ys..N.s..@$E...).m.....jv.....L.y3,..+.{G.o....n.!..S.R]....pP...:.>8I..]J2.Y.......!Pm..g..X.ra....y.6.5...........t..%.{.={.....yG-.}W..:.3..K0.}..VV.....Yq.fH.)..0-_-..[9..2..q....,H...6..XF.12.3cy.9..og.;`..w..l..!.7.#^..-..5b1..i...R..N.]^]. .,.?S...?....#.:p..(A}S....QBt;v...L.;...JOp...oD@..M_aJ....6.$..K;a\^Q"..D.....A.G..'.:...,=`...C;......N/ Ox~,}..RA...qo&&.e..Hr...J.^z...r..............uG.b.......V..`.g."..6...#....c.....q..j<...)%..B

C:\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.7456656200028595
Encrypted:	false
SSDEEP:	24:ychOqUh0lw1qsL5yA3bz2AYH7j1FBz3zjlQ8YFbCARyKXIFkmmtlEcOzhVUi25L0:Rxdyqs9yUix17jl2N4FLLh8CiBy1D
MD5:	3409D4050200F62AD6D3A02E9C7ADAAB
SHA1:	1E7D0A37CFE576C621E4DA3E71466AB3BA36425D
SHA-256:	98E007A5A91CEF757925B3DF26CEF0C5996818FB49E3DC73CD947472BB9CE412
SHA-512:	41339C4A55BBFE3C89619D194F60AF504C3C67E4936A21994472152E186B8D1B1AC1DAB8C170FF0EDECBC715223FBE4539DE3C5A3FDA8D70BCABEC1F89F8034E
Malicious:	false
Preview:	(2v...;.p... ..^..[@s..1q.G...3.JDjc...>.S.....#f......A..V.6R..$.S...x.x.g........:.CaQ[_].+.X..o...Z.a9....2.$....Zs.5.:V...r5...T:M.-.G%.H0.a..b....5..- .eU.} .53..B..6H...n.......sO.....aD){.a...........p.............y...........`<g...D.x..$..?\........#.Y..on....l}.e....~.H.....c'N.Z@.9..\[.$..{Q\I...}...T.6.......^....z!.....d..&-._E4..F..#cvY.t...2.j..W..H...s...!.a..9.pt.w..#...`.....B...k...tt....&t.ii860..(O\....]Q.........%9en#&L('....k......b3.w~o....0a.....v.E%.....YU.u&.a.:.9....x%X.......eT.TaD.9...bhJ.W+...&...mu.>..-...Fh.FoKY.......N....x......CCX.q....$%..B.;..p...x.U@..;P3x.z..3.c}u..:.y...73.......".H../..`.y...N.o$p.[$}....~..x.a..p....y......-~...\/.1w.^.,...V.....o..d~l{^A....}..f..B2\|.....p...v......8:.e<.=....?.+..pI.....)V.....e..s.a...../@......&\\.....D.q.../A.U..&>..d.....S....I@\|..8'`.l../z......D}.}...m..@.+.........%...P.h..5..j<..+.O.w...n.qIVjzx*UK.<..)...r.9..i."..chHl...~./......i..c..Tz0.....

C:\Users\user\Desktop\VLZDGUKUTZ\HTAGVDFUIE.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.757772660224696
Encrypted:	false
SSDEEP:	24:7vstZI2Tb3fBijGk4WKeQZkMJ9m/7v1HV0fdCARyKXIFkmmtlEcOzhVUi25LvU/P:YZIo3dXejMJ9I7d10fR4FLLh8CiBy1D
MD5:	53BB9D5BDF20F6CF1314A69C1C3F04B0
SHA1:	4E1043F1DDBF78D0E6879B70977A2DF9A359BB28
SHA-256:	54409DD163C432878C758DB9426BB70113284F7ECFC9B594835B9965AE4447ED
SHA-512:	C6E0B1432312BDF20EA39013F4F8D59DA6C287678A7FDFD462DDF590AFC5CBB78D9C569B4318F26E2DA403D4B99DBBA60C5677D12E1D084BDE521ED0B8FF6191
Malicious:	false
Preview:	(2v...;.p... ..^......O..g..P.5.}v....k^.H.UMD....,..j....8#.+`b<p..{1.j."...:.....o..zc.._...No.....\.._..p.[...l".!..4.,..wFb....+E........G,..LC..w...O6..5R".R.k.._.M.../..B..`coc.OCb..+S....E..U..^.4..b..5..[S^.......n.q2..o.2.#....2.........g6.!.....AQ^.vp.)`.....2.<.a.2..'....$M...d[..J..R.W.TE.3..c..j.._.c".........VzIw..o.N.<....D..d.......G.. ..~\f.....)........,....a..u^T@k\|]...6..-.~.z.m.....x....t..MK...K5.O.]..X3.{..]J.L...It&..O\dqn..8.R'..7.Y.v1.Z...<7U;%...P.+A]..Hy0(~_'....57..........M..X..#.....-oJ.aXdruhE>5.........h.V.}.&....Dfd6j.S.1.. .../..>....LM_.s5...0..Y.)....5...B^.yl.}P.>...................=....I.@r..7.W.J.G.3.m.W.. .1./......:U..u...$."....v.....#.....].9...5...,&.........Sy...I']P.@..]F.+.Y..$.....'.@g.Z.........\....k..8.y!\|7Ze..V.n..d..%........Y.....{.`.2.k.S.]..h.~s......Y...pP..k.Ivj..s.S.8].9.Z..?6.).}...5I..=3..z.xE...K.q.....B.....]..^.....b.Z V....U..%..X...w.q..U...!K.~Y............X.~..7.

C:\Users\user\Desktop\VLZDGUKUTZ\KATAXZVCPS.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.74164538654264
Encrypted:	false
SSDEEP:	48:a3hrnDm9b9jIhKt9RZUHzDSfFT4FLLh8CiBy1D:a3JG9jIhEXZKzDSftuLLh83iD
MD5:	26DBA3658DF0E2FA15732402CD7E368D
SHA1:	28D7109F4767EC7A502169D4C6BA210AC0F11FBE
SHA-256:	E97964BCEF915CECFAF1BE2C6D095EEC749BEC196C9A75F4B74526642C09224C
SHA-512:	819C81429662E034FF38CBF989008E596588540FEFB15EF98F9ECAE7E3843E8947083D3F08E209C2BF44BB499D7B90CA07DF6634414ED3B7E8866EA8B34358A6
Malicious:	false
Preview:	(2v...;.p... ..^. .}.?eh.p-N.X.:vE..l.J7..%i.Vm.{jx .C.\..!....W5...{=K....L....Z.}..%..x5......O.....%#......"...l..M.$..M...'./.+b)W........0......~..-)..8.B..8..eLt.%.#.I.5......u.}..#....v..l..v`....AB7wf..".1ys...{p..$.w .[.t..}.X.oJU...1...B..6.a...?;...;.3.;...Km3.TK........i:..M.0..Y...G. GO.H......9..wKu......?H"B....hH.5Q-iH...l9..Rat..C+..^.k.,.9.Z.V..}zm.kk./...j.o..........".e..v:1$S.Uf\|...";...K.@..Fk..'O.'....&......}u2.....t....h..i..UwY.{..3Y...1....Hm.#..!~..F.b..F....M.q.....h.."{.WC.a.1.B...-...lA....g.......d..,.........?.N...\|.s............;b..."...>..(..K<cjf..(I...r..J..W..d.b...#uB...@.P.S]&2.E.1h.....?...'.....m.....X...=...F.iK...9....7h..\|.....1...b..R3..=^O.]..7.C..........2n.>......9...S..;..W..J.N.D..gD..WBx.p5&..(j.U...._y.f=i.5...@.A..B...s.\Q2lZ/./..5.I...od...D&$...D...A...fk..s...n.)e...r...?..f\|.;X.$.<4v..6s\|.%.....^.O.7...F.3..g].$....b....1...+..F..xcIv.....-.$.6..M..

C:\Users\user\Desktop\VLZDGUKUTZ\LTKMYBSEYZ.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.773150220444779
Encrypted:	false
SSDEEP:	24:A8UXHuZhG6AKYt6KRLn7SUEbfM+zKtJ9cL3SwIZCARyKXIFkmmtlEcOzhVUi25L0:bBs6KBmbEdJwi9l4FLLh8CiBy1D
MD5:	44F3B8471B856D4D1E73AF030F00B3B1
SHA1:	A12810219389CD3564FCEA759E437970BB4FD043
SHA-256:	3F7E071038398BBAD12A3E694BE2336643A4FAEF9199AD3CCCB7C244A10CEAB6
SHA-512:	972B2765D0A627272D710805136F57601CB72E5B47D944AE76F89E0D9E132298F9B767AD00EE99B7204B3E7251655496A3EB63D9C015D12E9FD1F3DD91E83137
Malicious:	false
Preview:	(2v...;.p... ..^...C..{h..'"-....4/2j...J...r.N.J_/.......,V.-.)....y4K.q...$)...CP.e........D..qnQ..RN.z...:S.>..`...2\|.e.'...Fz...2%9}q....;............H_\|I.~......n7Q....A.../.&CW.,.b..}8a....I.S....O..Z..8.....P{g`'8..Le[!(..[s.,....z...R...............9_.....G.>..z..,ZdAk.k........V.L..w@.Q.u.Ur...{....;..B.....a...l.L-.P.....8.m.;.Q.0........$.Z.9W..J...u...B.......H....Xw.....?...XG...~.t."..!.(.9,../...%<&....S>.t.]......?,..{9.Gc.....Ur..H.f."..\...V.J.&.X..N...f...&...B..ue)..H.u.m..K..i.......vy>.p..._.L.Z..k..Pi.d.?..zmY+aP,8:x.v..E.J.y..o.d..lbj..{..<...@.;...`F..+5.~.....i&}.'....=a..k.l7..M......h.....-.<A.N^M.b...k....&C..VQ.EgFfV..... {S5......S...G...BzO.K.$......c.M.T.C....y..._.):.g%%!.....BC...Uhb..N...5A..?r.R.h.o5.._.'&.S.l..\|p].e.\|..',>..x...\|.z...[..`..{s...K_?0........'.1...z.......*...4..!....[#(...H...'].Bg.E.'Q.<.%Px.2.c...P......M9wW.e......E.'`.9)...2.tR,dT"~1w..{.\.....\ 5...A...%)...'(....9...#.......?g\|.

C:\Users\user\Desktop\VLZDGUKUTZ\UMMBDNEQBN.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.743935521855639
Encrypted:	false
SSDEEP:	24:RHsktPUO0AABMubS6Cmd6V2NdVRYA/ZqCARyKXIFkmmtlEcOzhVUi25LvU/QoiqF:iktPUOCGAS6Cmd6VqR5O4FLLh8CiBy1D
MD5:	611815D543E846C3FB1225637F0DF61E
SHA1:	9708F4E33BBD01ECFCEF93BBC83C9441C3580E4C
SHA-256:	3171F236E3AFCDF96372346F63759A4959282BB6B23C050457B0F26B098B15D4
SHA-512:	D9053BFF776F7FDE7C948AB4601F961F3ED81C6766BE1E5981468A963B2629F9D3091DB64147DBFBBD77CA11E806DBB73A8EACBC09B6B4121A529B62318A9E4A
Malicious:	false
Preview:	(2v...;.p... ..^.L.(./G....;. ..G..b..L.?.M..p....wQi...\|.J+.lK..\|Y.k........c..S..4...1+4.0...L..........G5....+'c4.~.H....N...C.I.!..a.$4M ...S.....+..oca.Z/...0.}..v.MYV....S..T....?.JP..4..r..1.kP..R.4..A;-..!j...C..:.....Jf...C9..2....~f.s...Y$!..=....CDHE.G.\..R.e...@..#...&....D.k.....h$.c...f^..>....A7y..c..b....Z.X...&(.w.c....Q.C.9...??...7.S>].'..n.[r. ...t...V.%..s}...>t9.l...pA......t2]...)(.....#..1....C...m1..f?(:........2.h_l....................a..A.Qib%.6......&J.._,..&).h....q.+.r....3.....6..{.H.....tQ..[..Z...m.6{X..y9............W....!\|Z3...........F.I.F...$...\|.. .b]..J....`.r.]...1..O.Q.2...j..\|.....mtu#... S../.D....y3C1#....n.!.B...rn....O.q..:+f%..b.}.1.{.jH.'.F..j....-xI...w........ nc.%.olg..I.K.1..z.y.s.$F.~GD@..\.L..{...XfM._..g.[..R..?....h.....!..H.\i.oG}V..3..L......7....a...8.,......K..1.........../...I...B"E../.fE.."..m.Y..&.ao..T.\..K..O......3....<*..r...?Ujs.qp....mb.G....V0m..2.S

C:\Users\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.757159234100293
Encrypted:	false
SSDEEP:	24:odvs75mYmYvPI4AdsIILn4yBDGsmBJMtsJP2CARyKXIFkmmtlEcOzhVUi25LvU/P:oz/Yvw4pIIz3DG7BJHPk4FLLh8CiBy1D
MD5:	5768D7E61AEE3FCC5D48379BC083E94F
SHA1:	69A6CA978CE89356A3C8A274A8E539C2B0A786C7
SHA-256:	AD952778BDD4EC677EE5D82C1C722E8E4ED616D20CBFDD4AD1C7298566671DA1
SHA-512:	334DE2D8DFB0A3CB7EE5DEEE9744759BB49587A0D8BEF728C2E20E259C16C0456E18EB57176C7FBB265EF70E6316491A7ECBEA8F4940093CDE786AE7A3BC82AF
Malicious:	false
Preview:	(2v...;.p... ..^..1...P$C..6.t..~{#..Hc.&......d.....2..K..gp.S.N.....m{..../..y\|.5.6h...2.xXM.....r.or..;.'....g."....I..n.^...w...Y .v...[C..a.o..ZPG...E.7FgW...,.. 2....p21.....)y=.gy... .hW......k_.fj...#\|xG$.p5x.5.>._o...k.&.Y..>\|+D.h.....^..sg..g...n.q^.8.#.O!..>"}...G..:.q......{O...oQ..%k.=..u...V..."....t....U&.)...68...69....p.eV.P..H.h.G...RX..W....5h..=~B!\...0/....]...o9...i-.8.....G.>\..&.Cy..G.%.?:....X.!...c. B@...=.q...D.V....cd.c...W..jZ.k.....Nl..v2d_....Q...].L..M4.VQ..se..ys..N.s..@$E...).m.....jv.....L.y3,..+.{G.o....n.!..S.R]....pP...:.>8I..]J2.Y.......!Pm..g..X.ra....y.6.5...........t..%.{.={.....yG-.}W..:.3..K0.}..VV.....Yq.fH.)..0-_-..[9..2..q....,H...6..XF.12.3cy.9..og.;`..w..l..!.7.#^..-..5b1..i...R..N.]^]. .,.?S...?....#.:p..(A}S....QBt;v...L.;...JOp...oD@..M_aJ....6.$..K;a\^Q"..D.....A.G..'.:...,=`...C;......N/ Ox~,}..RA...qo&&.e..Hr...J.^z...r..............uG.b.......V..`.g."..6...#....c.....q..j<...)%..B

C:\Users\user\Desktop\WUTJSCBCFX.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.739345339658692
Encrypted:	false
SSDEEP:	48:RNZVWWVLXsTlvD6RGFEqCSpDMY/wQyMuqWS/Fyd:bZ+o05EYnDFQ
MD5:	D3CDB00A4476B56F74EBEBDCEFD4FAA6
SHA1:	FD13D8E2AD996AB5E4C591C41E071ED3B79E626F
SHA-256:	60522451456D225B608B6F69FF52C52A651FFF69F7EDF012F0EEEE08ACB937A8
SHA-512:	0ADB9772ABA381E85C098ECF4FF66B6DF17A3F3EAA1C4839BE062DCA0B939BB5B14279830976179E176388289406D661559D20CA48F88CF009251EF5C30EA7E6
Malicious:	false
Preview:	+...c.pv0..#p.<\.....;6.......AU5U......`/u.W.......VA.G...X..C.-...h._......`...m.S.a.8..i.2..@ZFe...~S/u4.V...f...._...t...?(dDT.L.X......'...7..L..B.....1eC.`........fz...X.H....r...o..u.].t..61....]9.6...IJ.....5.,B...[....A.5].[...w..U.../..B.Z.XFN_Y..JI...2ha.g..\|..X.^.....6c.#...4...(6.sa...Ng..i/W..H..z....?.7+.9.~.W.e.F....{...h.~A.t.5..y.......hH.F.W..0:..!...P7..XE........Q..!.R$(.}....\6v......{M...(!..6.(..I..J..gq.y.[.P.SN..QeG......k.7.H...B..c.y.!...R....Fw..0.....;.5`}..u;.V.ok<.1.Q....]M..2..t..n.}..~.T.hy3.IGcPi.ENN....n....B...M,..R..r6`..............Sbj....g....$.._.$.#S.s..v.....!23.He-......}?.<..w..60.. ...!..I.2.bq....=....p. ..l"{.Q...G.........?../.~e..X.Q0.,..1\......C.J.6+.d..A4@..&.. ...o..u.Q......a......Dm0..'hN.........=.Q.......1.M.v..7.?%r..^.eR...2..9.`>./ .O.d.)jF."....O..^.}^.....Ua..Gf.....1.......P.`.b..W.@.k.W...eg. .A.....I..iR..w..9RCh..a..........(..cI....]NiC..3.O.,.W.....f.B..p...c.n.>....]sx

C:\Users\user\Desktop\ZBEDCJPBEY.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.791912492866249
Encrypted:	false
SSDEEP:	48:O7cPpYVB+6nTHJ8X0rN0MtQbmyzvD6RGFEqCSpDMY/wQyMuqWS/Fyd:4D9w0B02gmh05EYnDFQ
MD5:	36128F876BE64117960A01E066E77A78
SHA1:	6C3EE1F75BDC8349EEAD64BDC0BF125B07B4F4AA
SHA-256:	954747B9CD36014A34AB76F7B65330AC0AC49F6BC8A4EDC93091B3999AAB8F5B
SHA-512:	17524AE86DD408663D1DDFBEAC4A2D50736A771BDA7BC4967F92D647E9306E0906E1C8AF4FA1AFCAFE5531642AE8EA9D9CC9EA7AB4489B2ADF76D770EF708104
Malicious:	false
Preview:	+...c.pv0..#p.<\t...e%..\|...c.j._.@.+.'...T...4..s....$cq.\...r....i+.$..d=.Mi.\}W..rp".S..az1............`...D...''.....O0wyr..B.5..0g.....f.R.,q..,xr....\|..&...#..5..".."..h.{jHl.e............)....f.#.u.....".ZKIOR.=).*.`.p...Ir.,L.j.L.f...^..i..o..D.'...[b2.J .R2\......@c...t;~..............{.....n.N~N.k..[......,..`...C\..<p.W.....[......l......B....o\|..Eg'..}..@../]..F...6....&.~...:..l..9._p..Q.>..T....H.e]..:y....RHsT.i....+.]..)M.<;[.....)..%xE...].f....^.......f....b..\|:..O...Ac..7..]p..u.}csX.?.I.....3.XH.D...j..6l...\|-.m.~. .k.u..l.....L1'+....k_I-.. 0.4...-.OQ.(.E..TB......n:..S...).%p......l.c...Wac.yRP...<....M.J....Q.`v...$.0K1.7....W....z!;..q........G.U.......4fn..P....i..].d>Zuv...$!KZ.t.=..H!D.......BG}........i......$.A..h/.c..w<..OH.......'.T....g..VIu.....#..P.P.....D.}..G.hhX C.....A.....P\|.j...p.f.......s.Y..9t..zW....k.eY./o.Z....8..O....h.v..>...R........_...O..r].{.........8(.M ..7.}d]E....1......S]^.

C:\Users\user\Desktop\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1340
Entropy (8bit):	5.435264549850712
Encrypted:	false
SSDEEP:	24:vnKL1SeQE58Sys33YwTgnjRCokafqQAPE2sMxo+tigfwXd/D4vd9olt:fA1Sf9Mcj+yM0uo+ggfid/kvr8
MD5:	19D7A9CBA6078394DB9353EAD342D1FD
SHA1:	1C79AEDED7A75D92A92AEF2E086216EFF84E2E14
SHA-256:	01AA59D6265CAFDAB015ABB459D7D793623770B6E168F415B86F85A58106B32B
SHA-512:	10A6913918EB8D6ECDF6F8EEE0714F375B8975A9DD2BBB6A24A0839EAC48A8B305156A9836087FD4388BB16EAEE524E60BE74CDB0239D8E1ECA277F362719C10
Malicious:	false
Preview:	$.h.}...0........w.2]....$...s........Svu...{......v..zJ..fa...ezE..u......c....f(....A..a..fg^.bq..0N...7O,.L.(....,R..(...]...L..B.L.P.\/..s..:...U.If}..M........m4..Y.O.v..!R....A.5..u.x.....z.zi....,..V....n&.f.q...`m.:..ln.?...k.?......2...qa.h/..:..8..H.51..b...LO.K..~q.:I...---8+8*---786ac22ca48d71c03760b9ccda148564c7d7226915691bc0c4679ceedf1e17e46d71321380b731bc735eba2232e87f1e5863880750205cb8553d9386b620a954e35df76effcffd4b5a605cd6e7166745457b9134afcae1c6586452daf4b055e0d87f9e2351d24474fe1539c36fabf3e30bcc4e05d226919f8f4760a3885e8670a9ab68bc8ab605901ef1cdd927f4b56ad856e860967d5b1f6b882415ee2c24a41e7fc0eb2a80cfc5778cd8b1bd3c9622a7cbe7a91f37ebb3292b9d36d18181dacea64f93e13aa0b53d5f34b07fc56e147831f09c0dd6c86646d4ac20c95fafbef8df25f9c7ede69e43ca4a79bedc3f4c96918186004d2a6798380986841410a97dd6a0f998765b22c2ec47fecd9a8976c15b23d2b092d854b8b0ce18831ce8f8b0cb459fc052fcda05f545271fefef377eef953f19d06a7fa3792f1b00bd7f51efa8cf480d51f6aeb9262007ebcf2e8f27cb936432ca5

C:\Users\user\Documents\DVWHKMNFNN.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.735270247216449
Encrypted:	false
SSDEEP:	48:FUgAieg1Sfybh+nvsvD6RGFEqCSpDMY/wQyMuqWS/Fyd:ugj194vP05EYnDFQ
MD5:	F0C6034C4A6ECB6BC643565C418BEA9C
SHA1:	A64A0CFC6DF07EF070CB1309B146C07DEFFA8DCA
SHA-256:	DDC1C3716F5CD141AC3B7DDDA7081026695F66D1FC57C432FBC4B660E1331363
SHA-512:	E89B259783900049C5896B1380410DE46A16609326CD49DDA9FC6B43804844EF33CA539E88C2749C9E7A51F048D0DB6A872D3DEEAD5157944984BA1D15FD4D10
Malicious:	false
Preview:	+...c.pv0..#p.<\.c...)..Z.......{R.....c....J..E.t....&.g.d....TZV/~......VE.Q..)..E...@Om.z.a.b..8.^.w.S..\|M.../...t/.~1.@.n6.x..@.M.M.7...o...B?.\.....?dx..[.Y...l..V2.ff.Z.Wy....gvWBq.P.\__.....E.}M......=.....d:.X...d.P.4.i3,.u&'4...^P_...=.NV..........>.L....m..L=..fD..:=g.....Y.3?i.?.g..c:{$.X.......G.G.N?..;......$...ZE.p.(.e4^..3.B...1I#q......H.iMT.3}A..[)!.Zq^.)...&?.\ ....C..53{.!...)..P.....(z..P. p.....6.../)U.!.{\.L~....eZ0e.$.0+.T..T.0..oWUm.s.1...s..`.Lz..&..0..........?....S..fS..w....wi.....wE.$.a.8..^..c..).....-..[K.^..'bX.z5....V...]...q.y!..v.....2nV.....kr ...6..\|.c/^ 'B?......!.{j.T..7....N.o.8`d.HG.C3.\|...../../x............=.2-.H.-d...Y..5..e...w(.jQ.'.pY..'..P.......Wpn.>.s....<..sF..~..GQ.j.2....o>.G.p+[c^sjE5!.cYu....=L.6.....8O.g..Z..6e.V...S..#..u...d......C9...,...&.=.`..rd.....]F;Z....z..3w..E...E.....b~....u`.r..+.m.e.../.8T....ZOh/.....Ve..\...f...H.(......f...,..n.H...{...J"~...9j4.......j...m.c.....

C:\Users\user\Documents\HTAGVDFUIE.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.73525225632051
Encrypted:	false
SSDEEP:	48:1g3tnYlLTpLyjPq1Y0evD6RGFEqCSpDMY/wQyMuqWS/Fyd:m9nYlLThyO1705EYnDFQ
MD5:	9D7AD38C37708FEBB1456470BF16D004
SHA1:	4BBDA28400E818191D132F06AEFCB9898776FD80
SHA-256:	6839C86A51670B47266BE026386C13570AD180E97F915B8A57162F8E81BA41A8
SHA-512:	58A6A67B9B0F6AB02757CE60287BB2DC16039C80FA1B1BB3565D2E3665D390ED7596F50F9D98A106BCFD26272E4CC57CF5C08FF7F0871BD59F833B8B30132B19
Malicious:	false
Preview:	+...c.pv0..#p.<\0og.E.SL.2.9P..jK.t....W..+_..v&...ONR...Z....f8....L....t`.....M.F.ri...nW..'U<oq0..(..Q...e.:.a..........%$.C.....e..Fy.+..y.{..9..7y....wEad5.h.M.5U.....-...........y..8p.c.^&.....X).3....$.......`...8..).9_9./.S".V.k.....4.k..?...WSt....1.1...._...8.p.8..V.C...i....e.{..Xj...nC]m...g?......./.Pij.h.t..........&Y.Cz.I.z.(.$.&.b..+@../..2.{../<LI.j..o..j.w@`..9c..}..>C{...=..O..av....<.,...!9..-......+...hQ..=.E.X^...6..}.o.F4..7..a...&....r~..o.5..zl..u..).(."..X@W.!:.?Q.. ZT.m./..Pp..1O.Mp..Y.k/#.%.&.Ry.L}...FY.U.[&;.-.%d.xb..ds.9....{..&>.O.CJ..#.XHh..d0...h..#..&6hS.."w.\.2.7N..BEW6.6...<..#....U....10Q.p\|......TZ.=...?.<....J.6`\|..\....W.~.K.@}.f?..:..X.....W.#....E.;..>.B..Z...R.....).....s$..q..Kc(l...s.4S...jr..6@.v....(G...........yg..Kj.C.S[/.Q...\|M...[..F8........z1..1c....#.ibf.......am...DN.M?....~..T..=...IH....\..kp.y.......^F.s..1a..6..V......&.M..7i..%..\|...J}u3..l..,...U.a..

C:\Users\user\Documents\HTAGVDFUIE.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.73525225632051
Encrypted:	false
SSDEEP:	48:1g3tnYlLTpLyjPq1Y0evD6RGFEqCSpDMY/wQyMuqWS/Fyd:m9nYlLThyO1705EYnDFQ
MD5:	9D7AD38C37708FEBB1456470BF16D004
SHA1:	4BBDA28400E818191D132F06AEFCB9898776FD80
SHA-256:	6839C86A51670B47266BE026386C13570AD180E97F915B8A57162F8E81BA41A8
SHA-512:	58A6A67B9B0F6AB02757CE60287BB2DC16039C80FA1B1BB3565D2E3665D390ED7596F50F9D98A106BCFD26272E4CC57CF5C08FF7F0871BD59F833B8B30132B19
Malicious:	false
Preview:	+...c.pv0..#p.<\0og.E.SL.2.9P..jK.t....W..+_..v&...ONR...Z....f8....L....t`.....M.F.ri...nW..'U<oq0..(..Q...e.:.a..........%$.C.....e..Fy.+..y.{..9..7y....wEad5.h.M.5U.....-...........y..8p.c.^&.....X).3....$.......`...8..).9_9./.S".V.k.....4.k..?...WSt....1.1...._...8.p.8..V.C...i....e.{..Xj...nC]m...g?......./.Pij.h.t..........&Y.Cz.I.z.(.$.&.b..+@../..2.{../<LI.j..o..j.w@`..9c..}..>C{...=..O..av....<.,...!9..-......+...hQ..=.E.X^...6..}.o.F4..7..a...&....r~..o.5..zl..u..).(."..X@W.!:.?Q.. ZT.m./..Pp..1O.Mp..Y.k/#.%.&.Ry.L}...FY.U.[&;.-.%d.xb..ds.9....{..&>.O.CJ..#.XHh..d0...h..#..&6hS.."w.\.2.7N..BEW6.6...<..#....U....10Q.p\|......TZ.=...?.<....J.6`\|..\....W.~.K.@}.f?..:..X.....W.#....E.;..>.B..Z...R.....).....s$..q..Kc(l...s.4S...jr..6@.v....(G...........yg..Kj.C.S[/.Q...\|M...[..F8........z1..1c....#.ibf.......am...DN.M?....~..T..=...IH....\..kp.y.......^F.s..1a..6..V......&.M..7i..%..\|...J}u3..l..,...U.a..

C:\Users\user\Documents\KATAXZVCPS.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.7589269588471765
Encrypted:	false
SSDEEP:	48:k3imBcTY3icJGkIFJfZBwCM/1ivD6RGFEqCSpDMY/wQyMuqWS/Fyd:k3im8Y3iIqJfPAdV05EYnDFQ
MD5:	4816443D94932A022855F0D350091B1D
SHA1:	DF78A980866F31B9FF3313969887B2EDCE9D3A21
SHA-256:	530BFDF936DEDC18D6526FCCD4D42723530CD3F31C140CFC5DC706B082B1CF48
SHA-512:	E45EE17C4E4E065477B1B35778B864BE38DD987126BB3D69A0607C2A5A270E5E53E8D94513342AB07D2CA2AF1C4EB05E7341489AF77B52B914807AC2BD59489B
Malicious:	false
Preview:	+...c.pv0..#p.<\$>..?.....x..y.R..3?_.G.\..3^..6N...P..<$../.t......U.c.W.t.6J).+'.D0...>.2.@.6..4Y...........B....w...B....D........\|..4...kD...5.]..U.h....K..Ki7.=.\dx#...\|k......K.e.V...0...l..E...o1.0W..JY.tO~D.L...X5..6.@.q.].yNE...dl.LTh ...YS............L.B....5gj3.tu..g:......G.s..":.v..P.%g.nF.......D.S.Dl\...b.m.....r.=\|.I..'.<....d..5.MQ.....$..............B....m..S.=...2X.c...^u.n&..c..........z..z....gy.#....~.h.<...!..+.q+wl..L.....%.......} ......)......\|.H?..\.\..zrd...7.\|^E.0......JVqz..5.."G..\.....E.....rH..oZ........;....esH...n.m.6R.......}nr...G..".q.^.BaD.K...$<Q.o.....a..76.l....vpbjnj2...l._3E.p.^..,VuG.>S.f.2.o0...@.U;.DG.n,.W.:5cC.Y..2...!.A^..8..p... .d...psQQ.a...i...r\..)<2..@.r..s..9.C...c@,. x.i.....Y.~z......../=...k..`.....!>.z4T.f...$.nr.a..uYjeh1:.......,..:.R..C..a{....>.."~.........e...]..N...\|...UA..2....:B.\.....`....OPh.A..q&XW?...TI.b...P................%...R.X......Q.O.@...&..!8 .?....\k.....V.PK4....

C:\Users\user\Documents\KZWFNRXYKI.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.7489055661583075
Encrypted:	false
SSDEEP:	48:C99Gu8MD0AW5IMTJyqvD6RGFEqCSpDMY/wQyMuqWS/Fyd:CGLAqIMTJK05EYnDFQ
MD5:	4A41689A31ED56E3E15F4A5E177F8A7A
SHA1:	FFB65A6FA0C332D9FF6D7191549409118CC03483
SHA-256:	EAFBC1669CEDDB940695B82992827DCCCAC60EC64A404464D6074259D81D6EF4
SHA-512:	5B98A0029DDC181501341D464E0D504724F498CB4139C038A81A3DD5F280F408A4C3FC3B73E9EDDA55D1EF885AFBB89F55C03DD38AF3C7A887680CCFC2B43C7F
Malicious:	false
Preview:	+...c.pv0..#p.<\q...._?S.<...p.t....K.....$.&..p1...b....C.<.o[+;Q}.X0>j.].....jf.L..9.N..z...S..F.m..P...9.&.@.l?..!..yQ..........n...[..:...._.....i...$.......p./.f.-=...0.y......^H..Ux#e.=./........!.O...:..H\|..a..G9..!l.....7..n.vCZ.a.n.^.f<...E]A...c../..[...+V..I.C...KX....F..^.+)S. 0.,:..f.Z4.>.w..\/`..\hR...5wwS=...0G....Lq...u>.X.C...E.R.i..<,n....=(r.....@...E....,...}..9.b...KI...{>V..w..'2.-.hA..+..F...\t.w..L~..2..-.+'.4.Y.>A.aE..v~..c.x........2.RAO?aZ...c8..(..M.K.1.2...~.......mR.K.........\..o.....T..(......y@..:g.`b.l.IH..B....6.....V..\%.dN.I.Z.S?.b@.../."ds...?...3.......0<...9....:.mB.q.L.....m.r DV5.......IGgC/........P#..&........Vw..fD.xb.w..7......p.7m..U..N^..W...D.Ub41........_.j..W.L.Ttj.B.T.I.jYQ..N6........l..).*.]A....{..Zg...-.9.<.~".J.$....\|9Af.M........>.b...U..+q.......<...l...x&.%......._pW.....A.\..P/J..`R:.....Q...QZ..T..>.L..gU-.;d/..u 0z....8aI..xj.L....-..E..V-.....!.X..R ..Vl...4....96\|.>6.8e

C:\Users\user\Documents\LTKMYBSEYZ.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.777764305457684
Encrypted:	false
SSDEEP:	48:GjBMcfpgYRSv3E37MgDI2jCeXuvD6RGFEqCSpDMY/wQyMuqWS/Fyd:I9fpTRfLM7eXB05EYnDFQ
MD5:	6B5B23D7400F31DF9D22026A998A675D
SHA1:	39CF78620FAC0306F3B0464340AA926BD56C3C69
SHA-256:	E99A861F18CE43A9B57B5854D1DD15B22DBBFFA1A3B59A2E8C6D8E65BE7CAC80
SHA-512:	EBC8DD030FA7BF5141EF1900DC76F742DA791DE5166EFB062F1BD6884C1EA43DD7D029531D51666DD93A8FA0FFB2E37D4534A61F4355DA15CD73F37318798240
Malicious:	false
Preview:	+...c.pv0..#p.<\.f#Q.&.n.%....s....}r#2.+......p2.E.y&..l.68..7.t.:.Xwi[.R'..g.0YT.-..$...Ne../VHN.^.h.......K.K..<..#....O..\... J...!....,.Xi....k>.e..2.P`.wxqy.{....uH...<.v.9...B.v)h.!v8.2..#.G......`]=>.....8....~..S..l.`.J.1....g......._..t.9Bys.....}$e.].B..p...zG:...V.I..".d.f..c..L.S.....iO+...G.h._$.x...+.....o.OO. ....].$.....t.Q....tI...}ok.. M....G..X..j.`.G.D.[&.e.."......eT@.:..nA>.V.w..J.........{U9...fZ.\|. ...yp....2...B&.L5.......I.^r:.oE+>..[FC..o.c...I3...GQ....;.9..b......r.'..y.qI.$..-q...).Y.7.....4qPfT.~.J......(.+..$n......Y......?.?.5..(........-.l..qR.s..].Y...o.jq...6m..@...G..q.dl...s.1.,.....]..SK...z....cW..a....,/..K.l......@%.......#.........>..2..\|3....mv...(..."...}.?0c_&)-U".........L/2....7}.6..X7....\]....F.g (\|....x~.]}..,..</c..x\S....L..1.....t\\g./.......LKk.Ao..u.j.2.U..\|......4...!.n !..L]...`....;qO.."....@Hr.L..J..m.&...w~%.....Q.A...9..B...E.<.-....`o.KD....z....m..D._#...#.M....6.p.$.i

C:\Users\user\Documents\LTKMYBSEYZ.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.777764305457684
Encrypted:	false
SSDEEP:	48:GjBMcfpgYRSv3E37MgDI2jCeXuvD6RGFEqCSpDMY/wQyMuqWS/Fyd:I9fpTRfLM7eXB05EYnDFQ
MD5:	6B5B23D7400F31DF9D22026A998A675D
SHA1:	39CF78620FAC0306F3B0464340AA926BD56C3C69
SHA-256:	E99A861F18CE43A9B57B5854D1DD15B22DBBFFA1A3B59A2E8C6D8E65BE7CAC80
SHA-512:	EBC8DD030FA7BF5141EF1900DC76F742DA791DE5166EFB062F1BD6884C1EA43DD7D029531D51666DD93A8FA0FFB2E37D4534A61F4355DA15CD73F37318798240
Malicious:	false
Preview:	+...c.pv0..#p.<\.f#Q.&.n.%....s....}r#2.+......p2.E.y&..l.68..7.t.:.Xwi[.R'..g.0YT.-..$...Ne../VHN.^.h.......K.K..<..#....O..\... J...!....,.Xi....k>.e..2.P`.wxqy.{....uH...<.v.9...B.v)h.!v8.2..#.G......`]=>.....8....~..S..l.`.J.1....g......._..t.9Bys.....}$e.].B..p...zG:...V.I..".d.f..c..L.S.....iO+...G.h._$.x...+.....o.OO. ....].$.....t.Q....tI...}ok.. M....G..X..j.`.G.D.[&.e.."......eT@.:..nA>.V.w..J.........{U9...fZ.\|. ...yp....2...B&.L5.......I.^r:.oE+>..[FC..o.c...I3...GQ....;.9..b......r.'..y.qI.$..-q...).Y.7.....4qPfT.~.J......(.+..$n......Y......?.?.5..(........-.l..qR.s..].Y...o.jq...6m..@...G..q.dl...s.1.,.....]..SK...z....cW..a....,/..K.l......@%.......#.........>..2..\|3....mv...(..."...}.?0c_&)-U".........L/2....7}.6..X7....\]....F.g (\|....x~.]}..,..</c..x\S....L..1.....t\\g./.......LKk.Ao..u.j.2.U..\|......4...!.n !..L]...`....;qO.."....@Hr.L..J..m.&...w~%.....Q.A...9..B...E.<.-....`o.KD....z....m..D._#...#.M....6.p.$.i

C:\Users\user\Documents\UMMBDNEQBN.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756834480322971
Encrypted:	false
SSDEEP:	48:hu6e64gvyo7CRaifStNNuwvD6RGFEqCSpDMY/wQyMuqWS/Fyd:Ne9gvyo7CRabb+05EYnDFQ
MD5:	756454FA0C0E0E3BC791BA45B08BD8AA
SHA1:	353B0AB177887817DAF5D706A2352EA498D2E780
SHA-256:	533B5BBBB6A9BB7B152F4F2BD71FF2BA3FEDEB870D1EB65AD9815C13B1DB8C2E
SHA-512:	DB88D6041AB0610F3DC93E6F472CCEE58500B3D7CF07E2347D6923E138BEC26901D44DE38454837BCA922E0FF85D47C109AB820174F92A5ED6612C5A94A3CD6B
Malicious:	false
Preview:	+...c.pv0..#p.<\:pFUc.e..P&ma.8<-..<C`..h-!.[^.c.\|f....^......I......r^.\|ydd....7.K.@..2..T..0....UH....'..}a.J.4h..f.[..YbBg.v..Dve.r..2t2... J.I22...8.{..*.p..\|x&.6.]...)...M...k_...F.BA......kI.N;.o...G...t...z$u...[.9.H!.....X......Y.K..o..{...\|H0.....=.o..&.(...%P0..b...tI..!.g..8..OD.K..&z....Y>.!a.i...'\.n...J.."lE..$../._nI._.;..f..4.+..G.+.~'7M..%..=..,..H[..zh.oo&....\..wM.....B.qF?..-L..}.t.;....p..X....U...k... ....n......V....B..B...j(....6.._.r.....C.$C&..6bi.....n..B..!.(}..y~.._.t..KL....Q..r&.RI...../AJ.]k....2nX..N....t.`\..Pl...H. ..#.<....7N........W.Y......../.o..r=.Tc[;+...tU0R.w...w..{j..5....F...b..}/..j.Zrb......=YE....b].....<..}qX...,.(.O.P(n......U..F..(.I...!'.]8..J._&E.?5.r..`..j_.........cH8..l{I.2iXa.`...P......#..7.......]$......_..4..d..._-;[Z..t..\N?.....@.....I...9.......-........Z..0.m.RBW.1.l..P..(...._=x&.......R.Ht...O....r.q.0.`M9...T..C.g..Q..MQ.?O..6I..EN.]\|......\|.or.\ ...:....s......8..H_.

C:\Users\user\Documents\UMMBDNEQBN.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756834480322971
Encrypted:	false
SSDEEP:	48:hu6e64gvyo7CRaifStNNuwvD6RGFEqCSpDMY/wQyMuqWS/Fyd:Ne9gvyo7CRabb+05EYnDFQ
MD5:	756454FA0C0E0E3BC791BA45B08BD8AA
SHA1:	353B0AB177887817DAF5D706A2352EA498D2E780
SHA-256:	533B5BBBB6A9BB7B152F4F2BD71FF2BA3FEDEB870D1EB65AD9815C13B1DB8C2E
SHA-512:	DB88D6041AB0610F3DC93E6F472CCEE58500B3D7CF07E2347D6923E138BEC26901D44DE38454837BCA922E0FF85D47C109AB820174F92A5ED6612C5A94A3CD6B
Malicious:	false
Preview:	+...c.pv0..#p.<\:pFUc.e..P&ma.8<-..<C`..h-!.[^.c.\|f....^......I......r^.\|ydd....7.K.@..2..T..0....UH....'..}a.J.4h..f.[..YbBg.v..Dve.r..2t2... J.I22...8.{..*.p..\|x&.6.]...)...M...k_...F.BA......kI.N;.o...G...t...z$u...[.9.H!.....X......Y.K..o..{...\|H0.....=.o..&.(...%P0..b...tI..!.g..8..OD.K..&z....Y>.!a.i...'\.n...J.."lE..$../._nI._.;..f..4.+..G.+.~'7M..%..=..,..H[..zh.oo&....\..wM.....B.qF?..-L..}.t.;....p..X....U...k... ....n......V....B..B...j(....6.._.r.....C.$C&..6bi.....n..B..!.(}..y~.._.t..KL....Q..r&.RI...../AJ.]k....2nX..N....t.`\..Pl...H. ..#.<....7N........W.Y......../.o..r=.Tc[;+...tU0R.w...w..{j..5....F...b..}/..j.Zrb......=YE....b].....<..}qX...,.(.O.P(n......U..F..(.I...!'.]8..J._&E.?5.r..`..j_.........cH8..l{I.2iXa.`...P......#..7.......]$......_..4..d..._-;[Z..t..\N?.....@.....I...9.......-........Z..0.m.RBW.1.l..P..(...._=x&.......R.Ht...O....r.q.0.`M9...T..C.g..Q..MQ.?O..6I..EN.]\|......\|.or.\ ...:....s......8..H_.

C:\Users\user\Documents\UMMBDNEQBN\HTAGVDFUIE.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.73525225632051
Encrypted:	false
SSDEEP:	48:1g3tnYlLTpLyjPq1Y0evD6RGFEqCSpDMY/wQyMuqWS/Fyd:m9nYlLThyO1705EYnDFQ
MD5:	9D7AD38C37708FEBB1456470BF16D004
SHA1:	4BBDA28400E818191D132F06AEFCB9898776FD80
SHA-256:	6839C86A51670B47266BE026386C13570AD180E97F915B8A57162F8E81BA41A8
SHA-512:	58A6A67B9B0F6AB02757CE60287BB2DC16039C80FA1B1BB3565D2E3665D390ED7596F50F9D98A106BCFD26272E4CC57CF5C08FF7F0871BD59F833B8B30132B19
Malicious:	false
Preview:	+...c.pv0..#p.<\0og.E.SL.2.9P..jK.t....W..+_..v&...ONR...Z....f8....L....t`.....M.F.ri...nW..'U<oq0..(..Q...e.:.a..........%$.C.....e..Fy.+..y.{..9..7y....wEad5.h.M.5U.....-...........y..8p.c.^&.....X).3....$.......`...8..).9_9./.S".V.k.....4.k..?...WSt....1.1...._...8.p.8..V.C...i....e.{..Xj...nC]m...g?......./.Pij.h.t..........&Y.Cz.I.z.(.$.&.b..+@../..2.{../<LI.j..o..j.w@`..9c..}..>C{...=..O..av....<.,...!9..-......+...hQ..=.E.X^...6..}.o.F4..7..a...&....r~..o.5..zl..u..).(."..X@W.!:.?Q.. ZT.m./..Pp..1O.Mp..Y.k/#.%.&.Ry.L}...FY.U.[&;.-.%d.xb..ds.9....{..&>.O.CJ..#.XHh..d0...h..#..&6hS.."w.\.2.7N..BEW6.6...<..#....U....10Q.p\|......TZ.=...?.<....J.6`\|..\....W.~.K.@}.f?..:..X.....W.#....E.;..>.B..Z...R.....).....s$..q..Kc(l...s.4S...jr..6@.v....(G...........yg..Kj.C.S[/.Q...\|M...[..F8........z1..1c....#.ibf.......am...DN.M?....~..T..=...IH....\..kp.y.......^F.s..1a..6..V......&.M..7i..%..\|...J}u3..l..,...U.a..

C:\Users\user\Documents\UMMBDNEQBN\KZWFNRXYKI.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.7489055661583075
Encrypted:	false
SSDEEP:	48:C99Gu8MD0AW5IMTJyqvD6RGFEqCSpDMY/wQyMuqWS/Fyd:CGLAqIMTJK05EYnDFQ
MD5:	4A41689A31ED56E3E15F4A5E177F8A7A
SHA1:	FFB65A6FA0C332D9FF6D7191549409118CC03483
SHA-256:	EAFBC1669CEDDB940695B82992827DCCCAC60EC64A404464D6074259D81D6EF4
SHA-512:	5B98A0029DDC181501341D464E0D504724F498CB4139C038A81A3DD5F280F408A4C3FC3B73E9EDDA55D1EF885AFBB89F55C03DD38AF3C7A887680CCFC2B43C7F
Malicious:	false
Preview:	+...c.pv0..#p.<\q...._?S.<...p.t....K.....$.&..p1...b....C.<.o[+;Q}.X0>j.].....jf.L..9.N..z...S..F.m..P...9.&.@.l?..!..yQ..........n...[..:...._.....i...$.......p./.f.-=...0.y......^H..Ux#e.=./........!.O...:..H\|..a..G9..!l.....7..n.vCZ.a.n.^.f<...E]A...c../..[...+V..I.C...KX....F..^.+)S. 0.,:..f.Z4.>.w..\/`..\hR...5wwS=...0G....Lq...u>.X.C...E.R.i..<,n....=(r.....@...E....,...}..9.b...KI...{>V..w..'2.-.hA..+..F...\t.w..L~..2..-.+'.4.Y.>A.aE..v~..c.x........2.RAO?aZ...c8..(..M.K.1.2...~.......mR.K.........\..o.....T..(......y@..:g.`b.l.IH..B....6.....V..\%.dN.I.Z.S?.b@.../."ds...?...3.......0<...9....:.mB.q.L.....m.r DV5.......IGgC/........P#..&........Vw..fD.xb.w..7......p.7m..U..N^..W...D.Ub41........_.j..W.L.Ttj.B.T.I.jYQ..N6........l..).*.]A....{..Zg...-.9.<.~".J.$....\|9Af.M........>.b...U..+q.......<...l...x&.%......._pW.....A.\..P/J..`R:.....Q...QZ..T..>.L..gU-.;d/..u 0z....8aI..xj.L....-..E..V-.....!.X..R ..Vl...4....96\|.>6.8e

C:\Users\user\Documents\UMMBDNEQBN\LTKMYBSEYZ.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.777764305457684
Encrypted:	false
SSDEEP:	48:GjBMcfpgYRSv3E37MgDI2jCeXuvD6RGFEqCSpDMY/wQyMuqWS/Fyd:I9fpTRfLM7eXB05EYnDFQ
MD5:	6B5B23D7400F31DF9D22026A998A675D
SHA1:	39CF78620FAC0306F3B0464340AA926BD56C3C69
SHA-256:	E99A861F18CE43A9B57B5854D1DD15B22DBBFFA1A3B59A2E8C6D8E65BE7CAC80
SHA-512:	EBC8DD030FA7BF5141EF1900DC76F742DA791DE5166EFB062F1BD6884C1EA43DD7D029531D51666DD93A8FA0FFB2E37D4534A61F4355DA15CD73F37318798240
Malicious:	false
Preview:	+...c.pv0..#p.<\.f#Q.&.n.%....s....}r#2.+......p2.E.y&..l.68..7.t.:.Xwi[.R'..g.0YT.-..$...Ne../VHN.^.h.......K.K..<..#....O..\... J...!....,.Xi....k>.e..2.P`.wxqy.{....uH...<.v.9...B.v)h.!v8.2..#.G......`]=>.....8....~..S..l.`.J.1....g......._..t.9Bys.....}$e.].B..p...zG:...V.I..".d.f..c..L.S.....iO+...G.h._$.x...+.....o.OO. ....].$.....t.Q....tI...}ok.. M....G..X..j.`.G.D.[&.e.."......eT@.:..nA>.V.w..J.........{U9...fZ.\|. ...yp....2...B&.L5.......I.^r:.oE+>..[FC..o.c...I3...GQ....;.9..b......r.'..y.qI.$..-q...).Y.7.....4qPfT.~.J......(.+..$n......Y......?.?.5..(........-.l..qR.s..].Y...o.jq...6m..@...G..q.dl...s.1.,.....]..SK...z....cW..a....,/..K.l......@%.......#.........>..2..\|3....mv...(..."...}.?0c_&)-U".........L/2....7}.6..X7....\]....F.g (\|....x~.]}..,..</c..x\S....L..1.....t\\g./.......LKk.Ao..u.j.2.U..\|......4...!.n !..L]...`....;qO.."....@Hr.L..J..m.&...w~%.....Q.A...9..B...E.<.-....`o.KD....z....m..D._#...#.M....6.p.$.i

C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756834480322971
Encrypted:	false
SSDEEP:	48:hu6e64gvyo7CRaifStNNuwvD6RGFEqCSpDMY/wQyMuqWS/Fyd:Ne9gvyo7CRabb+05EYnDFQ
MD5:	756454FA0C0E0E3BC791BA45B08BD8AA
SHA1:	353B0AB177887817DAF5D706A2352EA498D2E780
SHA-256:	533B5BBBB6A9BB7B152F4F2BD71FF2BA3FEDEB870D1EB65AD9815C13B1DB8C2E
SHA-512:	DB88D6041AB0610F3DC93E6F472CCEE58500B3D7CF07E2347D6923E138BEC26901D44DE38454837BCA922E0FF85D47C109AB820174F92A5ED6612C5A94A3CD6B
Malicious:	false
Preview:	+...c.pv0..#p.<\:pFUc.e..P&ma.8<-..<C`..h-!.[^.c.\|f....^......I......r^.\|ydd....7.K.@..2..T..0....UH....'..}a.J.4h..f.[..YbBg.v..Dve.r..2t2... J.I22...8.{..*.p..\|x&.6.]...)...M...k_...F.BA......kI.N;.o...G...t...z$u...[.9.H!.....X......Y.K..o..{...\|H0.....=.o..&.(...%P0..b...tI..!.g..8..OD.K..&z....Y>.!a.i...'\.n...J.."lE..$../._nI._.;..f..4.+..G.+.~'7M..%..=..,..H[..zh.oo&....\..wM.....B.qF?..-L..}.t.;....p..X....U...k... ....n......V....B..B...j(....6.._.r.....C.$C&..6bi.....n..B..!.(}..y~.._.t..KL....Q..r&.RI...../AJ.]k....2nX..N....t.`\..Pl...H. ..#.<....7N........W.Y......../.o..r=.Tc[;+...tU0R.w...w..{j..5....F...b..}/..j.Zrb......=YE....b].....<..}qX...,.(.O.P(n......U..F..(.I...!'.]8..J._&E.?5.r..`..j_.........cH8..l{I.2iXa.`...P......#..7.......]$......_..4..d..._-;[Z..t..\N?.....@.....I...9.......-........Z..0.m.RBW.1.l..P..(...._=x&.......R.Ht...O....r.q.0.`M9...T..C.g..Q..MQ.?O..6I..EN.]\|......\|.or.\ ...:....s......8..H_.

C:\Users\user\Documents\UMMBDNEQBN\WUTJSCBCFX.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.739345339658692
Encrypted:	false
SSDEEP:	48:RNZVWWVLXsTlvD6RGFEqCSpDMY/wQyMuqWS/Fyd:bZ+o05EYnDFQ
MD5:	D3CDB00A4476B56F74EBEBDCEFD4FAA6
SHA1:	FD13D8E2AD996AB5E4C591C41E071ED3B79E626F
SHA-256:	60522451456D225B608B6F69FF52C52A651FFF69F7EDF012F0EEEE08ACB937A8
SHA-512:	0ADB9772ABA381E85C098ECF4FF66B6DF17A3F3EAA1C4839BE062DCA0B939BB5B14279830976179E176388289406D661559D20CA48F88CF009251EF5C30EA7E6
Malicious:	false
Preview:	+...c.pv0..#p.<\.....;6.......AU5U......`/u.W.......VA.G...X..C.-...h._......`...m.S.a.8..i.2..@ZFe...~S/u4.V...f...._...t...?(dDT.L.X......'...7..L..B.....1eC.`........fz...X.H....r...o..u.].t..61....]9.6...IJ.....5.,B...[....A.5].[...w..U.../..B.Z.XFN_Y..JI...2ha.g..\|..X.^.....6c.#...4...(6.sa...Ng..i/W..H..z....?.7+.9.~.W.e.F....{...h.~A.t.5..y.......hH.F.W..0:..!...P7..XE........Q..!.R$(.}....\6v......{M...(!..6.(..I..J..gq.y.[.P.SN..QeG......k.7.H...B..c.y.!...R....Fw..0.....;.5`}..u;.V.ok<.1.Q....]M..2..t..n.}..~.T.hy3.IGcPi.ENN....n....B...M,..R..r6`..............Sbj....g....$.._.$.#S.s..v.....!23.He-......}?.<..w..60.. ...!..I.2.bq....=....p. ..l"{.Q...G.........?../.~e..X.Q0.,..1\......C.J.6+.d..A4@..&.. ...o..u.Q......a......Dm0..'hN.........=.Q.......1.M.v..7.?%r..^.eR...2..9.`>./ .O.d.)jF."....O..^.}^.....Ua..Gf.....1.......P.`.b..W.@.k.W...eg. .A.....I..iR..w..9RCh..a..........(..cI....]NiC..3.O.,.W.....f.B..p...c.n.>....]sx

C:\Users\user\Documents\UMMBDNEQBN\ZBEDCJPBEY.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.791912492866249
Encrypted:	false
SSDEEP:	48:O7cPpYVB+6nTHJ8X0rN0MtQbmyzvD6RGFEqCSpDMY/wQyMuqWS/Fyd:4D9w0B02gmh05EYnDFQ
MD5:	36128F876BE64117960A01E066E77A78
SHA1:	6C3EE1F75BDC8349EEAD64BDC0BF125B07B4F4AA
SHA-256:	954747B9CD36014A34AB76F7B65330AC0AC49F6BC8A4EDC93091B3999AAB8F5B
SHA-512:	17524AE86DD408663D1DDFBEAC4A2D50736A771BDA7BC4967F92D647E9306E0906E1C8AF4FA1AFCAFE5531642AE8EA9D9CC9EA7AB4489B2ADF76D770EF708104
Malicious:	false
Preview:	+...c.pv0..#p.<\t...e%..\|...c.j._.@.+.'...T...4..s....$cq.\...r....i+.$..d=.Mi.\}W..rp".S..az1............`...D...''.....O0wyr..B.5..0g.....f.R.,q..,xr....\|..&...#..5..".."..h.{jHl.e............)....f.#.u.....".ZKIOR.=).*.`.p...Ir.,L.j.L.f...^..i..o..D.'...[b2.J .R2\......@c...t;~..............{.....n.N~N.k..[......,..`...C\..<p.W.....[......l......B....o\|..Eg'..}..@../]..F...6....&.~...:..l..9._p..Q.>..T....H.e]..:y....RHsT.i....+.]..)M.<;[.....)..%xE...].f....^.......f....b..\|:..O...Ac..7..]p..u.}csX.?.I.....3.XH.D...j..6l...\|-.m.~. .k.u..l.....L1'+....k_I-.. 0.4...-.OQ.(.E..TB......n:..S...).%p......l.c...Wac.yRP...<....M.J....Q.`v...$.0K1.7....W....z!;..q........G.U.......4fn..P....i..].d>Zuv...$!KZ.t.=..H!D.......BG}........i......$.A..h/.c..w<..OH.......'.T....g..VIu.....#..P.P.....D.}..G.hhX C.....A.....P\|.j...p.f.......s.Y..9t..zW....k.eY./o.Z....8..O....h.v..>...R........_...O..r].{.........8(.M ..7.}d]E....1......S]^.

C:\Users\user\Documents\VLZDGUKUTZ.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756290623300287
Encrypted:	false
SSDEEP:	48:P8cXZLV3WGs24Uf3bJ6vD6RGFEqCSpDMY/wQyMuqWS/Fyd:P8OVmGs24UfFd05EYnDFQ
MD5:	2FC9219839739A39E65C912841550B08
SHA1:	BE79AB044F881D6541D93958D1757310D0EB1F93
SHA-256:	8BF1718F6095467B983844A6CD3B60DB7514F0954F6F17AB772A0D649863FB13
SHA-512:	1A63B25D7A9E54CB13E178957ED22A9BEF26F10DECB9C0C0920528D5FF4F9ADBD70A1B93B728369F7E04F7EBC9EE8DE930DB1256DD9FD231F35B98794D3FD41D
Malicious:	false
Preview:	+...c.pv0..#p.<\....e.Z..`......\|...xx..U%Z...{. ...J.x....V.-....,.+..Ec.a...:O..=7.....Cb.V.(......>.$.....e.[....K...F.N..w.c.^m...mz.Lh..`2.~...`9...b...v ..p..ZQ.L...Mq.1i.o...i\...VYY.@;.9.)y.+{i...Y..........z.."h.....H....z.o.Kv.._4^..7/r.Ug....T.4._n<..l.R...P........c.A....[...I..@.;."..S\|".k.L..(.....B%.Q.%...n~#l..B.+....J..c.....J/`......vv.....7...(....5..Y.=..).u."...9..q`.1a.YP.L...c:T9Pb{..7......7...(..fA..<.l........O....g.Q...R..U...xQ.'.B.Z.......Ai./....6.}.j..d.0..Q.3.qt.'.....:-x..g.7....<.F.7..e..o.c....5{........C+Am.CG..I.\|...c..#0.=.?.BcR.;.+...+.j;..]...P...hT....U..z)..P.z~...>j...s.~~...Y.\|.Y@.;<.....b.A.'..Q..i....p....S...M.S.?.?..ZL...I.=9<..0:FBa..+X....g.Q....$..X6y....b..+.%X,......&5E...=0.(%..+....hIK.{..G..5....i..c..+.....ul.t...E...+..`.".C,l...AEeP`n.g..O.Lfzfu..W.l=]...Zq..z./.....O....B.V\|.Zo..C...c.......UM)...T.6....'..a.....c..j4...#.e{...#..A+V.i...3..s....W..\7.P"3.X..2wN#~i.m

C:\Users\user\Documents\VLZDGUKUTZ\DVWHKMNFNN.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.735270247216449
Encrypted:	false
SSDEEP:	48:FUgAieg1Sfybh+nvsvD6RGFEqCSpDMY/wQyMuqWS/Fyd:ugj194vP05EYnDFQ
MD5:	F0C6034C4A6ECB6BC643565C418BEA9C
SHA1:	A64A0CFC6DF07EF070CB1309B146C07DEFFA8DCA
SHA-256:	DDC1C3716F5CD141AC3B7DDDA7081026695F66D1FC57C432FBC4B660E1331363
SHA-512:	E89B259783900049C5896B1380410DE46A16609326CD49DDA9FC6B43804844EF33CA539E88C2749C9E7A51F048D0DB6A872D3DEEAD5157944984BA1D15FD4D10
Malicious:	false
Preview:	+...c.pv0..#p.<\.c...)..Z.......{R.....c....J..E.t....&.g.d....TZV/~......VE.Q..)..E...@Om.z.a.b..8.^.w.S..\|M.../...t/.~1.@.n6.x..@.M.M.7...o...B?.\.....?dx..[.Y...l..V2.ff.Z.Wy....gvWBq.P.\__.....E.}M......=.....d:.X...d.P.4.i3,.u&'4...^P_...=.NV..........>.L....m..L=..fD..:=g.....Y.3?i.?.g..c:{$.X.......G.G.N?..;......$...ZE.p.(.e4^..3.B...1I#q......H.iMT.3}A..[)!.Zq^.)...&?.\ ....C..53{.!...)..P.....(z..P. p.....6.../)U.!.{\.L~....eZ0e.$.0+.T..T.0..oWUm.s.1...s..`.Lz..&..0..........?....S..fS..w....wi.....wE.$.a.8..^..c..).....-..[K.^..'bX.z5....V...]...q.y!..v.....2nV.....kr ...6..\|.c/^ 'B?......!.{j.T..7....N.o.8`d.HG.C3.\|...../../x............=.2-.H.-d...Y..5..e...w(.jQ.'.pY..'..P.......Wpn.>.s....<..sF..~..GQ.j.2....o>.G.p+[c^sjE5!.cYu....=L.6.....8O.g..Z..6e.V...S..#..u...d......C9...,...&.=.`..rd.....]F;Z....z..3w..E...E.....b~....u`.r..+.m.e.../.8T....ZOh/.....Ve..\...f...H.(......f...,..n.H...{...J"~...9j4.......j...m.c.....

C:\Users\user\Documents\VLZDGUKUTZ\HTAGVDFUIE.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.73525225632051
Encrypted:	false
SSDEEP:	48:1g3tnYlLTpLyjPq1Y0evD6RGFEqCSpDMY/wQyMuqWS/Fyd:m9nYlLThyO1705EYnDFQ
MD5:	9D7AD38C37708FEBB1456470BF16D004
SHA1:	4BBDA28400E818191D132F06AEFCB9898776FD80
SHA-256:	6839C86A51670B47266BE026386C13570AD180E97F915B8A57162F8E81BA41A8
SHA-512:	58A6A67B9B0F6AB02757CE60287BB2DC16039C80FA1B1BB3565D2E3665D390ED7596F50F9D98A106BCFD26272E4CC57CF5C08FF7F0871BD59F833B8B30132B19
Malicious:	false
Preview:	+...c.pv0..#p.<\0og.E.SL.2.9P..jK.t....W..+_..v&...ONR...Z....f8....L....t`.....M.F.ri...nW..'U<oq0..(..Q...e.:.a..........%$.C.....e..Fy.+..y.{..9..7y....wEad5.h.M.5U.....-...........y..8p.c.^&.....X).3....$.......`...8..).9_9./.S".V.k.....4.k..?...WSt....1.1...._...8.p.8..V.C...i....e.{..Xj...nC]m...g?......./.Pij.h.t..........&Y.Cz.I.z.(.$.&.b..+@../..2.{../<LI.j..o..j.w@`..9c..}..>C{...=..O..av....<.,...!9..-......+...hQ..=.E.X^...6..}.o.F4..7..a...&....r~..o.5..zl..u..).(."..X@W.!:.?Q.. ZT.m./..Pp..1O.Mp..Y.k/#.%.&.Ry.L}...FY.U.[&;.-.%d.xb..ds.9....{..&>.O.CJ..#.XHh..d0...h..#..&6hS.."w.\.2.7N..BEW6.6...<..#....U....10Q.p\|......TZ.=...?.<....J.6`\|..\....W.~.K.@}.f?..:..X.....W.#....E.;..>.B..Z...R.....).....s$..q..Kc(l...s.4S...jr..6@.v....(G...........yg..Kj.C.S[/.Q...\|M...[..F8........z1..1c....#.ibf.......am...DN.M?....~..T..=...IH....\..kp.y.......^F.s..1a..6..V......&.M..7i..%..\|...J}u3..l..,...U.a..

C:\Users\user\Documents\VLZDGUKUTZ\KATAXZVCPS.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.7589269588471765
Encrypted:	false
SSDEEP:	48:k3imBcTY3icJGkIFJfZBwCM/1ivD6RGFEqCSpDMY/wQyMuqWS/Fyd:k3im8Y3iIqJfPAdV05EYnDFQ
MD5:	4816443D94932A022855F0D350091B1D
SHA1:	DF78A980866F31B9FF3313969887B2EDCE9D3A21
SHA-256:	530BFDF936DEDC18D6526FCCD4D42723530CD3F31C140CFC5DC706B082B1CF48
SHA-512:	E45EE17C4E4E065477B1B35778B864BE38DD987126BB3D69A0607C2A5A270E5E53E8D94513342AB07D2CA2AF1C4EB05E7341489AF77B52B914807AC2BD59489B
Malicious:	false
Preview:	+...c.pv0..#p.<\$>..?.....x..y.R..3?_.G.\..3^..6N...P..<$../.t......U.c.W.t.6J).+'.D0...>.2.@.6..4Y...........B....w...B....D........\|..4...kD...5.]..U.h....K..Ki7.=.\dx#...\|k......K.e.V...0...l..E...o1.0W..JY.tO~D.L...X5..6.@.q.].yNE...dl.LTh ...YS............L.B....5gj3.tu..g:......G.s..":.v..P.%g.nF.......D.S.Dl\...b.m.....r.=\|.I..'.<....d..5.MQ.....$..............B....m..S.=...2X.c...^u.n&..c..........z..z....gy.#....~.h.<...!..+.q+wl..L.....%.......} ......)......\|.H?..\.\..zrd...7.\|^E.0......JVqz..5.."G..\.....E.....rH..oZ........;....esH...n.m.6R.......}nr...G..".q.^.BaD.K...$<Q.o.....a..76.l....vpbjnj2...l._3E.p.^..,VuG.>S.f.2.o0...@.U;.DG.n,.W.:5cC.Y..2...!.A^..8..p... .d...psQQ.a...i...r\..)<2..@.r..s..9.C...c@,. x.i.....Y.~z......../=...k..`.....!>.z4T.f...$.nr.a..uYjeh1:.......,..:.R..C..a{....>.."~.........e...]..N...\|...UA..2....:B.\.....`....OPh.A..q&XW?...TI.b...P................%...R.X......Q.O.@...&..!8 .?....\k.....V.PK4....

C:\Users\user\Documents\VLZDGUKUTZ\LTKMYBSEYZ.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.777764305457684
Encrypted:	false
SSDEEP:	48:GjBMcfpgYRSv3E37MgDI2jCeXuvD6RGFEqCSpDMY/wQyMuqWS/Fyd:I9fpTRfLM7eXB05EYnDFQ
MD5:	6B5B23D7400F31DF9D22026A998A675D
SHA1:	39CF78620FAC0306F3B0464340AA926BD56C3C69
SHA-256:	E99A861F18CE43A9B57B5854D1DD15B22DBBFFA1A3B59A2E8C6D8E65BE7CAC80
SHA-512:	EBC8DD030FA7BF5141EF1900DC76F742DA791DE5166EFB062F1BD6884C1EA43DD7D029531D51666DD93A8FA0FFB2E37D4534A61F4355DA15CD73F37318798240
Malicious:	false
Preview:	+...c.pv0..#p.<\.f#Q.&.n.%....s....}r#2.+......p2.E.y&..l.68..7.t.:.Xwi[.R'..g.0YT.-..$...Ne../VHN.^.h.......K.K..<..#....O..\... J...!....,.Xi....k>.e..2.P`.wxqy.{....uH...<.v.9...B.v)h.!v8.2..#.G......`]=>.....8....~..S..l.`.J.1....g......._..t.9Bys.....}$e.].B..p...zG:...V.I..".d.f..c..L.S.....iO+...G.h._$.x...+.....o.OO. ....].$.....t.Q....tI...}ok.. M....G..X..j.`.G.D.[&.e.."......eT@.:..nA>.V.w..J.........{U9...fZ.\|. ...yp....2...B&.L5.......I.^r:.oE+>..[FC..o.c...I3...GQ....;.9..b......r.'..y.qI.$..-q...).Y.7.....4qPfT.~.J......(.+..$n......Y......?.?.5..(........-.l..qR.s..].Y...o.jq...6m..@...G..q.dl...s.1.,.....]..SK...z....cW..a....,/..K.l......@%.......#.........>..2..\|3....mv...(..."...}.?0c_&)-U".........L/2....7}.6..X7....\]....F.g (\|....x~.]}..,..</c..x\S....L..1.....t\\g./.......LKk.Ao..u.j.2.U..\|......4...!.n !..L]...`....;qO.."....@Hr.L..J..m.&...w~%.....Q.A...9..B...E.<.-....`o.KD....z....m..D._#...#.M....6.p.$.i

C:\Users\user\Documents\VLZDGUKUTZ\UMMBDNEQBN.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756834480322971
Encrypted:	false
SSDEEP:	48:hu6e64gvyo7CRaifStNNuwvD6RGFEqCSpDMY/wQyMuqWS/Fyd:Ne9gvyo7CRabb+05EYnDFQ
MD5:	756454FA0C0E0E3BC791BA45B08BD8AA
SHA1:	353B0AB177887817DAF5D706A2352EA498D2E780
SHA-256:	533B5BBBB6A9BB7B152F4F2BD71FF2BA3FEDEB870D1EB65AD9815C13B1DB8C2E
SHA-512:	DB88D6041AB0610F3DC93E6F472CCEE58500B3D7CF07E2347D6923E138BEC26901D44DE38454837BCA922E0FF85D47C109AB820174F92A5ED6612C5A94A3CD6B
Malicious:	false
Preview:	+...c.pv0..#p.<\:pFUc.e..P&ma.8<-..<C`..h-!.[^.c.\|f....^......I......r^.\|ydd....7.K.@..2..T..0....UH....'..}a.J.4h..f.[..YbBg.v..Dve.r..2t2... J.I22...8.{..*.p..\|x&.6.]...)...M...k_...F.BA......kI.N;.o...G...t...z$u...[.9.H!.....X......Y.K..o..{...\|H0.....=.o..&.(...%P0..b...tI..!.g..8..OD.K..&z....Y>.!a.i...'\.n...J.."lE..$../._nI._.;..f..4.+..G.+.~'7M..%..=..,..H[..zh.oo&....\..wM.....B.qF?..-L..}.t.;....p..X....U...k... ....n......V....B..B...j(....6.._.r.....C.$C&..6bi.....n..B..!.(}..y~.._.t..KL....Q..r&.RI...../AJ.]k....2nX..N....t.`\..Pl...H. ..#.<....7N........W.Y......../.o..r=.Tc[;+...tU0R.w...w..{j..5....F...b..}/..j.Zrb......=YE....b].....<..}qX...,.(.O.P(n......U..F..(.I...!'.]8..J._&E.?5.r..`..j_.........cH8..l{I.2iXa.`...P......#..7.......]$......_..4..d..._-;[Z..t..\N?.....@.....I...9.......-........Z..0.m.RBW.1.l..P..(...._=x&.......R.Ht...O....r.q.0.`M9...T..C.g..Q..MQ.?O..6I..EN.]\|......\|.or.\ ...:....s......8..H_.

C:\Users\user\Documents\VLZDGUKUTZ\VLZDGUKUTZ.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756290623300287
Encrypted:	false
SSDEEP:	48:P8cXZLV3WGs24Uf3bJ6vD6RGFEqCSpDMY/wQyMuqWS/Fyd:P8OVmGs24UfFd05EYnDFQ
MD5:	2FC9219839739A39E65C912841550B08
SHA1:	BE79AB044F881D6541D93958D1757310D0EB1F93
SHA-256:	8BF1718F6095467B983844A6CD3B60DB7514F0954F6F17AB772A0D649863FB13
SHA-512:	1A63B25D7A9E54CB13E178957ED22A9BEF26F10DECB9C0C0920528D5FF4F9ADBD70A1B93B728369F7E04F7EBC9EE8DE930DB1256DD9FD231F35B98794D3FD41D
Malicious:	false
Preview:	+...c.pv0..#p.<\....e.Z..`......\|...xx..U%Z...{. ...J.x....V.-....,.+..Ec.a...:O..=7.....Cb.V.(......>.$.....e.[....K...F.N..w.c.^m...mz.Lh..`2.~...`9...b...v ..p..ZQ.L...Mq.1i.o...i\...VYY.@;.9.)y.+{i...Y..........z.."h.....H....z.o.Kv.._4^..7/r.Ug....T.4._n<..l.R...P........c.A....[...I..@.;."..S\|".k.L..(.....B%.Q.%...n~#l..B.+....J..c.....J/`......vv.....7...(....5..Y.=..).u."...9..q`.1a.YP.L...c:T9Pb{..7......7...(..fA..<.l........O....g.Q...R..U...xQ.'.B.Z.......Ai./....6.}.j..d.0..Q.3.qt.'.....:-x..g.7....<.F.7..e..o.c....5{........C+Am.CG..I.\|...c..#0.=.?.BcR.;.+...+.j;..]...P...hT....U..z)..P.z~...>j...s.~~...Y.\|.Y@.;<.....b.A.'..Q..i....p....S...M.S.?.?..ZL...I.=9<..0:FBa..+X....g.Q....$..X6y....b..+.%X,......&5E...=0.(%..+....hIK.{..G..5....i..c..+.....ul.t...E...+..`.".C,l...AEeP`n.g..O.Lfzfu..W.l=]...Zq..z./.....O....B.V\|.Zo..C...c.......UM)...T.6....'..a.....c..j4...#.e{...#..A+V.i...3..s....W..\7.P"3.X..2wN#~i.m

C:\Users\user\Documents\WUTJSCBCFX.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.739345339658692
Encrypted:	false
SSDEEP:	48:RNZVWWVLXsTlvD6RGFEqCSpDMY/wQyMuqWS/Fyd:bZ+o05EYnDFQ
MD5:	D3CDB00A4476B56F74EBEBDCEFD4FAA6
SHA1:	FD13D8E2AD996AB5E4C591C41E071ED3B79E626F
SHA-256:	60522451456D225B608B6F69FF52C52A651FFF69F7EDF012F0EEEE08ACB937A8
SHA-512:	0ADB9772ABA381E85C098ECF4FF66B6DF17A3F3EAA1C4839BE062DCA0B939BB5B14279830976179E176388289406D661559D20CA48F88CF009251EF5C30EA7E6
Malicious:	false
Preview:	+...c.pv0..#p.<\.....;6.......AU5U......`/u.W.......VA.G...X..C.-...h._......`...m.S.a.8..i.2..@ZFe...~S/u4.V...f...._...t...?(dDT.L.X......'...7..L..B.....1eC.`........fz...X.H....r...o..u.].t..61....]9.6...IJ.....5.,B...[....A.5].[...w..U.../..B.Z.XFN_Y..JI...2ha.g..\|..X.^.....6c.#...4...(6.sa...Ng..i/W..H..z....?.7+.9.~.W.e.F....{...h.~A.t.5..y.......hH.F.W..0:..!...P7..XE........Q..!.R$(.}....\6v......{M...(!..6.(..I..J..gq.y.[.P.SN..QeG......k.7.H...B..c.y.!...R....Fw..0.....;.5`}..u;.V.ok<.1.Q....]M..2..t..n.}..~.T.hy3.IGcPi.ENN....n....B...M,..R..r6`..............Sbj....g....$.._.$.#S.s..v.....!23.He-......}?.<..w..60.. ...!..I.2.bq....=....p. ..l"{.Q...G.........?../.~e..X.Q0.,..1\......C.J.6+.d..A4@..&.. ...o..u.Q......a......Dm0..'hN.........=.Q.......1.M.v..7.?%r..^.eR...2..9.`>./ .O.d.)jF."....O..^.}^.....Ua..Gf.....1.......P.`.b..W.@.k.W...eg. .A.....I..iR..w..9RCh..a..........(..cI....]NiC..3.O.,.W.....f.B..p...c.n.>....]sx

C:\Users\user\Documents\ZBEDCJPBEY.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.791912492866249
Encrypted:	false
SSDEEP:	48:O7cPpYVB+6nTHJ8X0rN0MtQbmyzvD6RGFEqCSpDMY/wQyMuqWS/Fyd:4D9w0B02gmh05EYnDFQ
MD5:	36128F876BE64117960A01E066E77A78
SHA1:	6C3EE1F75BDC8349EEAD64BDC0BF125B07B4F4AA
SHA-256:	954747B9CD36014A34AB76F7B65330AC0AC49F6BC8A4EDC93091B3999AAB8F5B
SHA-512:	17524AE86DD408663D1DDFBEAC4A2D50736A771BDA7BC4967F92D647E9306E0906E1C8AF4FA1AFCAFE5531642AE8EA9D9CC9EA7AB4489B2ADF76D770EF708104
Malicious:	false
Preview:	+...c.pv0..#p.<\t...e%..\|...c.j._.@.+.'...T...4..s....$cq.\...r....i+.$..d=.Mi.\}W..rp".S..az1............`...D...''.....O0wyr..B.5..0g.....f.R.,q..,xr....\|..&...#..5..".."..h.{jHl.e............)....f.#.u.....".ZKIOR.=).*.`.p...Ir.,L.j.L.f...^..i..o..D.'...[b2.J .R2\......@c...t;~..............{.....n.N~N.k..[......,..`...C\..<p.W.....[......l......B....o\|..Eg'..}..@../]..F...6....&.~...:..l..9._p..Q.>..T....H.e]..:y....RHsT.i....+.]..)M.<;[.....)..%xE...].f....^.......f....b..\|:..O...Ac..7..]p..u.}csX.?.I.....3.XH.D...j..6l...\|-.m.~. .k.u..l.....L1'+....k_I-.. 0.4...-.OQ.(.E..TB......n:..S...).%p......l.c...Wac.yRP...<....M.J....Q.`v...$.0K1.7....W....z!;..q........G.U.......4fn..P....i..].d>Zuv...$!KZ.t.=..H!D.......BG}........i......$.A..h/.c..w<..OH.......'.T....g..VIu.....#..P.P.....D.}..G.hhX C.....A.....P\|.j...p.f.......s.Y..9t..zW....k.eY./o.Z....8..O....h.v..>...R........_...O..r].{.........8(.M ..7.}d]E....1......S]^.

C:\Users\user\Documents\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1468
Entropy (8bit):	5.815694460668385
Encrypted:	false
SSDEEP:	24:4va+HjZZEkOhaFOJeUFLMvDjRo9zGFEqCNWT15D+gnM/Q/wVGdqnnMuqRAFpSZhy:gaGjghasJivD6RGFEqCSpDMY/wQyMuqU
MD5:	226BC0925CCCF00D83FFC3C0708F842C
SHA1:	6E45C4E0D1DD4C434E0C7DD663F0F556293D9A84
SHA-256:	1F6BCFEA8701FF0BA64A8D57B28AF13073961083D22710C8E64B6562EE0919AF
SHA-512:	30BB50151BA23A2A9CB29FE63861C03A93B5C75A448BD8FBB8A950B6A3097026E13F107260FA5043486772932968EF601275E571D381B980F27256633199162C
Malicious:	false
Preview:	+...c.pv0..#p.<\cL.......~.i..Tp:Wd...g.#..?V.)?..5..w.Ku..8....).4_.....?!R..f.)J!.kB.s!..W....I...o....B...gs..}..l..m..H.....i#..\|...t .^n..%....ab.......i...N#U....kk....S/.ly.B.....~.j9.T=\|.n1y\|.-..M.ln.g..........%....'f<(....r...:.................S.H...Q..g.. .Y..HL'.>?...vH=D.C..K~.E.....u...K.......l.xjUf.gT.......Y.?.8...M0.n"h...x<..$..-..nh.3...5.V71..tLd......:..r(.c.nT.t......bX..d.....n.j....u.~'..---8+8*---534a85e0477a147b45fc479d408b7d9dcaafb782fbd52e17fe0813d00d79bf9d07a58812bdbc3658e453104c945ac24d0853bae9ec3be335568b3e0c9c3767a7b181acf426a4fb24c1138821536ec41308dea33a921a200c15df70bead558d7305879e3dfc86c0b8a50305d9cb59fd064c6ba02d6243144e73eac23534dc3472fea3fae9f195357c3d99f674bd8e3e252c1bc3c96b3b88a70780ff57caf1a29e1229bc9b2e9579d66cd36af8dabd2099228ef733ee3171eea87210458d6e7c55b316fbce10d6e43623c6fb6cb8f7676499ea2f294d81d7c84848b6cf1c67b6133f4848725e5a1e031038a7e0eb154e8f27cabc74809dab343bfb3f6f26ba46ed9cf0a5b1c8d65906d05e67d5e22685dad7ffb556fb506

C:\Users\user\Downloads\DVWHKMNFNN.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.779898615321339
Encrypted:	false
SSDEEP:	48:putqPpTBos1E6aLnUeW1jvZK7sipIckM6JvFPgIUnBZ:vBxnEnUn+NkMEtPUb
MD5:	851501554B940ACBE77271D56678AB83
SHA1:	1BF83725B6FAA070B3785622A30F669CA7902629
SHA-256:	D11446E390836B8AA1902083C3036BE51F267723A439A80BA631E54BA79FEBF2
SHA-512:	DA20B43386C91A25E643DC7C163369CBBF6861B8FA29D252AF9BA110FCC846C3364B30E6B91D6843BAFA406C5AD674C3441708E3A4F48389733C00FF20B284FD
Malicious:	false
Preview:	....VO..p..OB.C.. .. r'T6.....)..Y....F.x...ty...-.4x..'F...;./)..=.K.....=....$g.i.>......&.pb.#EHf..c.k....cW...K+.WY@......%.^.$h.....:_.!X.#`....H..a{o...3F"]T.$.,2.....D.I..G.N..gB.U.pB..)6...4..j:D.e..Fh....Z..46.n..\|...)._..@../R%...'u...7..F..G .x.,.:\|J..l.A.v13r...X.aB..<.../5.%...?.y.s..[0.O.~U..~. .............#r....!..8..[....B..(...05k.`i.X._.d...g`....H..l..:s2...5........gZZm..d..7.Kr...U..Mf ..yH.l...7.}...."&"..I....`......'a!?...]'x.s.../.\|2.:.QWp1(k....r@..S..V....6Qw....L.lck.......~........r...y.l...O../m.G.g...4$..'.M^..%^z... ........L..%/...30......mOH.,.{.......:...`.......s$.%b.n)O..H...<NJ...<.)..A. ...H}.J.X.........5..,gU...E........R^.Pj%$33.HR...`....f.F..!.S(<.S.....4P.6...]......v.\|..R...J9fr.S/.<._...>....?0]...(.......P.......^.....o.^...@.C....... .......t]..[Xr....Cd.i.c.`..n..c..+.....?....$.:j.S.;sP...:..)y"h..y....C.........Y.'.Db.mH..C..[.l9n.UDj\|nx..K..Z@..RDV..L.0;...\...g..r.a.CG...

C:\Users\user\Downloads\HTAGVDFUIE.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.738972645905652
Encrypted:	false
SSDEEP:	48:pOpifFf0CDQer3atM4XupIckM6JvFPgIUnBZ:6idf0CDNagkMEtPUb
MD5:	588222DF43A6E074122BEF6F7E1ADCF5
SHA1:	0103EE01927FFBC6FE648099927D95398205D845
SHA-256:	B74246F04F77A3D72676AF83F989627B33DF2DDE0E00F675B11B7736B55998B0
SHA-512:	B27F32DC50406080763C9F2E4274C832DFEDDA27D412A241EDE952FDA0C0D28BA2E17DB05F7B7CD32E7239DFD2BDE0587DFA66836B380D8C13DBE3383FE176E7
Malicious:	false
Preview:	....VO..p..OB.C..G....`.k.b....=.>...b..z.......6......S......j......L}...Yr(.F.H..Q..F...I.h.I9F.Q.^_x.....}.........p.. 0.1.....g..A.....l.(.%...ZD}h. ..o.X.Al4s.Z`#....G.^%...F.......t..Wi..{}...4_B.........5#Et.r\...Z?.S-.[-Uo.?.0.....D.Mh.AJ./.h.^..nL..E.r...k.......]..jF....Mk...P..b.E..j...C..V.....9.$/\|9z.\|ym:]......~.%S....n..@...^.<..x)..t.C.{N.L.k...?.......d\|1.[..3...F....j%..d."...\..N.....~B!\...y....x.2(...=....q...r...,.MA.b...E..-..OrW...s..c`.G.2Rf..j..F.......-a..!....,.\|'......}..R<...e+..G...g.....%.'.c..@....Az=.<3V<.Y.}.K....b..mV...=.....=....c......p8.R\|..e6p.q...3.2T..Z.V...Rxb./5.. 5x9._T....9.......\Z........6.as..A.9.k.M.N..o.^d@.Q....5..X..6H.dV.b..=.....9.Ul.....G.t.A.:.wb'...X.....W+E6....W.%o...7X.\|.c....lm...9...~..T......s...f.........4...\|........1.gVK.>Z..m`...b!...e\.$.'.0c.P)/]'c.,:23...W+.....27Q.i.3.R5j"...n339.\~.P.....lx....!.....rj.7=>..+=}.ggzsC..9...cAG.v.U....@.qS.. .m....xmeg.a?Y.K.

C:\Users\user\Downloads\HTAGVDFUIE.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.738972645905652
Encrypted:	false
SSDEEP:	48:pOpifFf0CDQer3atM4XupIckM6JvFPgIUnBZ:6idf0CDNagkMEtPUb
MD5:	588222DF43A6E074122BEF6F7E1ADCF5
SHA1:	0103EE01927FFBC6FE648099927D95398205D845
SHA-256:	B74246F04F77A3D72676AF83F989627B33DF2DDE0E00F675B11B7736B55998B0
SHA-512:	B27F32DC50406080763C9F2E4274C832DFEDDA27D412A241EDE952FDA0C0D28BA2E17DB05F7B7CD32E7239DFD2BDE0587DFA66836B380D8C13DBE3383FE176E7
Malicious:	false
Preview:	....VO..p..OB.C..G....`.k.b....=.>...b..z.......6......S......j......L}...Yr(.F.H..Q..F...I.h.I9F.Q.^_x.....}.........p.. 0.1.....g..A.....l.(.%...ZD}h. ..o.X.Al4s.Z`#....G.^%...F.......t..Wi..{}...4_B.........5#Et.r\...Z?.S-.[-Uo.?.0.....D.Mh.AJ./.h.^..nL..E.r...k.......]..jF....Mk...P..b.E..j...C..V.....9.$/\|9z.\|ym:]......~.%S....n..@...^.<..x)..t.C.{N.L.k...?.......d\|1.[..3...F....j%..d."...\..N.....~B!\...y....x.2(...=....q...r...,.MA.b...E..-..OrW...s..c`.G.2Rf..j..F.......-a..!....,.\|'......}..R<...e+..G...g.....%.'.c..@....Az=.<3V<.Y.}.K....b..mV...=.....=....c......p8.R\|..e6p.q...3.2T..Z.V...Rxb./5.. 5x9._T....9.......\Z........6.as..A.9.k.M.N..o.^d@.Q....5..X..6H.dV.b..=.....9.Ul.....G.t.A.:.wb'...X.....W+E6....W.%o...7X.\|.c....lm...9...~..T......s...f.........4...\|........1.gVK.>Z..m`...b!...e\.$.'.0c.P)/]'c.,:23...W+.....27Q.i.3.R5j"...n339.\~.P.....lx....!.....rj.7=>..+=}.ggzsC..9...cAG.v.U....@.qS.. .m....xmeg.a?Y.K.

C:\Users\user\Downloads\KATAXZVCPS.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.765881251565534
Encrypted:	false
SSDEEP:	48:pxRLmH7Z6Luw3/sFvbpIckM6JvFPgIUnBZ:nRKbZsEpkMEtPUb
MD5:	29857E25AE93AE3368F092DF22533A2F
SHA1:	3D626F6276E3BA51E6206537DC97DD115720E33A
SHA-256:	D0442784A0A43016AD71107C7DB9D415A7B2ABE0F13EC2D0DAAA7A7309E29F56
SHA-512:	05643F313828D2AE1C37942AF0482794F5D4648A79276D5F122DF865DB214029AEE4DB36DCDFACC270D1FBD9DCE62F2EC9E559A59D029305C612016E9C3C014B
Malicious:	false
Preview:	....VO..p..OB.C..:....{....p...Do?f.6..{g.q...4!...q....W.v.um!.8=...........t.c.[.j...b.b.^...?..].%.......1.......j......$.".N.L&..kQ........B..D.j..Y}e.....6ZU!Wt...G6:......._.e......s..&f...x...E.y..k+.q^.r.....wa..E,cl~...E....P{..a..A.....k%..=]....Nl.S..NLb&..4...0@zW.....Lw....ZM.k..o&...b....n......o...d.p)"0@.......s$...b...e......[t...d..}w..?...8.).....7.gY.... .}.(....\{...\...&..`.oFe....8.qi..7 .t..;.s.g,P...Q..,...(;..^..v...&`.\o..=.N..Z.1.T.tf.....L&..n..S.e..SI8..\}d...D........{..v.u_..lw.j. ...y.R..v.Ul....+...2.j...O%1f.v.3....a..k.\|.]D.P.^~...n........C.y.....<.U:z.#..#].U.^.=d8...x.s.....[..H..G'\|].XW..k..........e....TuW-..'r..yZ.j\|8.{....z..q...b..R-`j..s...s>X92,..o.(i...Ls......o.fh..gpH..3 {_..W@..5..ei1V..O.)a.....l..$........m.g.$..^..i.C..n...z...G...a.o...u.x.sM.j.......>.._...C.\F..L...M.-....G..}.?....JR....YJ)..a..~...@.....y..w.x.9.*..6j.k.\.M.W.H..g..=.P.^..c.R@.d..P..c.Ai.#..b.

C:\Users\user\Downloads\KZWFNRXYKI.png.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.791728632741117
Encrypted:	false
SSDEEP:	48:pnkJVtVZ5KudMLVqOEOpIckM6JvFPgIUnBZ:e5KqMgOEOkMEtPUb
MD5:	90D0B8FC61C4F3C012FB981BAE051799
SHA1:	2245E374011A3D9D44FD1E83CADE7E212768880A
SHA-256:	F72FA516A07EA33DC6264AC52B10306BB0AD500EEE7E864AA8327A461B012D84
SHA-512:	1CD03B894870E20BDB9FCC4E67906C8954B7733137A11FEFDFA85AE044E9FE4E195665C13394B17E7D585BD5C509CB147C0E9AB086FEC63D0CB64990117A5347
Malicious:	false
Preview:	....VO..p..OB.C...yea<..'.A..;..v...@f+.....!.......p.....z&......jl]..E.....m#`'....E2....MZ.PF.\|Sm....T...X?..w.....\2.vhx.@Q.1....O.w..M.....K.`.O........:.N..O..X.\{........G0.}..$....+.^.}...5M}.A...=.O.!.:]0..!....{s.{.....B...{.).Xy...uw}pvM.?./.."...ss...Z.+E....S.G.....R.7s.W..=.I....u..3.Y..."d.G.i.....-...Pj.)Z.....7.F.H.\....?...,...Uh:h....`aH..5...F..[.c..VNY..*.......U..:j......A/....f..._...^%.[V.,.^.\g...)r. a=..fAFJ.]Y.y...K..L._Z.g.&...b........(...#?:r..P(.3..i..JI...h.....t.......u../q.I.a.Cb{1(.w..{.FyA.t...~...s....U.0.9<...C.;_%O.d...^....R...X.....kq.K.e.D.....J....)U.. ....i.9..9.......;....~..r.n........-.....z..W...2Rd...@..8G(....d..............?.t.F.V..E.p..Z..Y]..{.ze.Ab..P....,..J/..CY.C.n../.E{o.e..J.8&..X..y<.....gZ.B...[}[...m.C...P.O..w.y......$.=..S..R.=}....N.N#."...;..9/.jp.t....7......MP.V~._...[^.iF...+..-....d.bQL.m.. ..c.s..Tf.c.....gq1.4.....iX.t2...r\|q...8WQ.G../..2.{.~_....y..S.7.c.W..

C:\Users\user\Downloads\LTKMYBSEYZ.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.758519514086432
Encrypted:	false
SSDEEP:	48:pnJ6wjogw0KPSxFZ1mnXnIBCkpIckM6JvFPgIUnBZ:pjngaxTBCkkMEtPUb
MD5:	EBBC49CA77A3AA8631B98795760C1510
SHA1:	8F1795EDEEFE37952AD5DE580028F158CA3C4003
SHA-256:	0685282363A909DEB61F79A746931D281CD7BC8D2D8762ADF0A057E99EC38A81
SHA-512:	8A035DCDD47547ADF8CA35E81BE1BAE9A7C2B4BB30DE4F390C83568CA9312480068C862D67DE10154F4230CFCDF50E64DDE82855FEED3B8E2185F5CBDF096CFB
Malicious:	false
Preview:	....VO..p..OB.C.r.} .sy.._..6..w).z..H1.F.....u.s...-.4/.)....A......3p..\|..^....T..#.X..p....r..{.e:../T.....x...w.zXu.T.E...........].1P..........y3P.,I.m..@..A.v).wH.\s(....0....k.C..$.a!s.&'..d.n$M....i..2....r>.C.....=..-..BK\|.....K..N....{.@.~.y..D.@p....L.?;.]/?..........y...T.h....C.7......O.4.Q..XJy46`.$\3..V.<....l. 9....j..\.\.../.}K=.z`.t.O...3.U#..b0..z(=n.a/.HX.a..]6C.C..6.....;..H..]x..x..U..."....r..C]..\....z....U.6..P.t{.......:..#.A3.[F..Sj.V...Z.....m...d\|B........?v.....D..-.=-.8d.6d.'.:..=.I..6....C.T]........su..&x.........7..r.9...0.#._....2...0.zX....I...l..9......\|..t2;.[...Y..0...:..f.Ns.~.....5'6l.a.z3.....g.k....U....T.i./.V!A.....&_P&....<p~.k..........H-.......D..q:`.............g.X.r.D..%R..Kp.A...Vd..X[NkF.`.%....xP...=..r....}..U.#tO.9,..K.....cZ".....~.~.n.....l.`..=L-rZd\|.X.;w.K%R....s.s..V...e..+L.T......w$...WD"G...;.Z.k`F.....n.9....... H....Q.5...N.y...# .4Ft..U?....A.A....4x.5MT......

C:\Users\user\Downloads\LTKMYBSEYZ.pdf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.758519514086432
Encrypted:	false
SSDEEP:	48:pnJ6wjogw0KPSxFZ1mnXnIBCkpIckM6JvFPgIUnBZ:pjngaxTBCkkMEtPUb
MD5:	EBBC49CA77A3AA8631B98795760C1510
SHA1:	8F1795EDEEFE37952AD5DE580028F158CA3C4003
SHA-256:	0685282363A909DEB61F79A746931D281CD7BC8D2D8762ADF0A057E99EC38A81
SHA-512:	8A035DCDD47547ADF8CA35E81BE1BAE9A7C2B4BB30DE4F390C83568CA9312480068C862D67DE10154F4230CFCDF50E64DDE82855FEED3B8E2185F5CBDF096CFB
Malicious:	false
Preview:	....VO..p..OB.C.r.} .sy.._..6..w).z..H1.F.....u.s...-.4/.)....A......3p..\|..^....T..#.X..p....r..{.e:../T.....x...w.zXu.T.E...........].1P..........y3P.,I.m..@..A.v).wH.\s(....0....k.C..$.a!s.&'..d.n$M....i..2....r>.C.....=..-..BK\|.....K..N....{.@.~.y..D.@p....L.?;.]/?..........y...T.h....C.7......O.4.Q..XJy46`.$\3..V.<....l. 9....j..\.\.../.}K=.z`.t.O...3.U#..b0..z(=n.a/.HX.a..]6C.C..6.....;..H..]x..x..U..."....r..C]..\....z....U.6..P.t{.......:..#.A3.[F..Sj.V...Z.....m...d\|B........?v.....D..-.=-.8d.6d.'.:..=.I..6....C.T]........su..&x.........7..r.9...0.#._....2...0.zX....I...l..9......\|..t2;.[...Y..0...:..f.Ns.~.....5'6l.a.z3.....g.k....U....T.i./.V!A.....&_P&....<p~.k..........H-.......D..q:`.............g.X.r.D..%R..Kp.A...Vd..X[NkF.`.%....xP...=..r....}..U.#tO.9,..K.....cZ".....~.~.n.....l.`..=L-rZd\|.X.;w.K%R....s.s..V...e..+L.T......w$...WD"G...;.Z.k`F.....n.9....... H....Q.5...N.y...# .4Ft..U?....A.A....4x.5MT......

C:\Users\user\Downloads\UMMBDNEQBN.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.74026515873253
Encrypted:	false
SSDEEP:	48:pjzKF5MdBH4XCKNkKS8+pIckM6JvFPgIUnBZ:NJMokMEtPUb
MD5:	51CE7E6A685C251CA1CA17E89F383A6D
SHA1:	2F0D639B33657672A3CB79F903C8340139AA66F6
SHA-256:	58133B6F41C825D25FB9D14ABBB56E9711AB8BD1867542F488759E329AA34939
SHA-512:	EC44A8096280DC72D7872B0F1D43EC0016941F20C8F171A35CB316AA1E19B777D3CC9696B1208AEC5AB4EB4E8573B7DFADBF2165108DB992030E156C4E3B2FAF
Malicious:	false
Preview:	....VO..p..OB.C..pR.....=`.vC....~.....'4?...re.........w.....<..`..C..U.eR.>....:n/l..7.......^k..M..KMv..2.$....Y.C...Y.y...\^...o(.6G.T..fs08{....3.9...C1...,.v.}(o'...a\M.g..,.s..IP...s:..5...\|.X.>..zJFX....efA.....u`....9...K..A.E0.F.X\\|....i.kP...$P0....B.1..Y%.\f.....o.D.@.[$.<I.7.J..k....M.....O..d}+X..GrS...`..u...Mb..H.....n.@.......`sr'..e....y...7....@......D-[j....\|....L;P.1rDA.....K.VL..,3W.E.y.....K{(...yX.iP.*u.a.D.....[........\|.f&..C..R.vTC...5...T.9.JT..R..k...i..p,@n.M.w..^%....L..L`.5...MmG.P.x.Ka<.n%.\|...Ir..G.......a....7\|.n?.t...a...n.]4]k......ifZ...sS.;..0...9.{.....R.4.n .FM..H).`..U{;NA.o...........U.S.......7....5<....j...e6(x...c.\|.-/(........_[bR...K.zH...+^..u1l..u......V..A.:Ld.$....k.A.fu.<......]0..7i.E...n...Jc...gn.....>U..i.W..U1_.R.$...$.lwa.2.'...A......I....(.5T;"....:...\|...... ..T..,..QA.g^..M.Mb..!.F+.....QP\|ZA.........ky.E!\'..j..a%.Ca#.e........./...^...{..._............<9.....

C:\Users\user\Downloads\UMMBDNEQBN.xlsx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.74026515873253
Encrypted:	false
SSDEEP:	48:pjzKF5MdBH4XCKNkKS8+pIckM6JvFPgIUnBZ:NJMokMEtPUb
MD5:	51CE7E6A685C251CA1CA17E89F383A6D
SHA1:	2F0D639B33657672A3CB79F903C8340139AA66F6
SHA-256:	58133B6F41C825D25FB9D14ABBB56E9711AB8BD1867542F488759E329AA34939
SHA-512:	EC44A8096280DC72D7872B0F1D43EC0016941F20C8F171A35CB316AA1E19B777D3CC9696B1208AEC5AB4EB4E8573B7DFADBF2165108DB992030E156C4E3B2FAF
Malicious:	false
Preview:	....VO..p..OB.C..pR.....=`.vC....~.....'4?...re.........w.....<..`..C..U.eR.>....:n/l..7.......^k..M..KMv..2.$....Y.C...Y.y...\^...o(.6G.T..fs08{....3.9...C1...,.v.}(o'...a\M.g..,.s..IP...s:..5...\|.X.>..zJFX....efA.....u`....9...K..A.E0.F.X\\|....i.kP...$P0....B.1..Y%.\f.....o.D.@.[$.<I.7.J..k....M.....O..d}+X..GrS...`..u...Mb..H.....n.@.......`sr'..e....y...7....@......D-[j....\|....L;P.1rDA.....K.VL..,3W.E.y.....K{(...yX.iP.*u.a.D.....[........\|.f&..C..R.vTC...5...T.9.JT..R..k...i..p,@n.M.w..^%....L..L`.5...MmG.P.x.Ka<.n%.\|...Ir..G.......a....7\|.n?.t...a...n.]4]k......ifZ...sS.;..0...9.{.....R.4.n .FM..H).`..U{;NA.o...........U.S.......7....5<....j...e6(x...c.\|.-/(........_[bR...K.zH...+^..u1l..u......V..A.:Ld.$....k.A.fu.<......]0..7i.E...n...Jc...gn.....>U..i.W..U1_.R.$...$.lwa.2.'...A......I....(.5T;"....:...\|...... ..T..,..QA.g^..M.Mb..!.F+.....QP\|ZA.........ky.E!\'..j..a%.Ca#.e........./...^...{..._............<9.....

C:\Users\user\Downloads\VLZDGUKUTZ.docx.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756049138704993
Encrypted:	false
SSDEEP:	48:p6+jdNLzZ1osKf+3BO9q9dM/rspIckM6JvFPgIUnBZ:bBlAmxO9qsAkMEtPUb
MD5:	F7536F3FDB51423ECFFA75E1F282573E
SHA1:	5FF88483096855079B75BE869FE64E92BDA356A5
SHA-256:	62B1BD17C0FF51D807786E135E6014BB3D89F7FD9E93DC3B17E189DA75FA4BBF
SHA-512:	3AD62934A8A06BF83ED21767668E94F35F596BDEC345B538EB0045888B2ADC027DB11CD32DA6907125B510420C533D76560834212F6A6F8B1B587B68B0A97228
Malicious:	false
Preview:	....VO..p..OB.C.B].d.8.cH.Sp.+N...$.y....ISKF6!}f7.3..&.R..{.&....../........qw.?.......X....8.........Pc.......\.J_l...g...?w..h..L..&.....Ih.......>.N......x........ .H..sPa+.......j...m.aK..sl......t.Y.y\T.....E..,...zj...\|..}T..aY.o=u.#.'HZ..'i4<..l."_-u.Qb..V...N._..M.......]..f...._.i.uR.CG....../.e..e..o(...~..w. ...l3...9..H....".j...8C......^....]...\|v("...SO..wh.h!..\.......j..m.E..X.@...!..C_1...0......f.p..9.-.b?/$.^#..i&Z...n.%..\.....k...c.....C+..m...&g}...1 ..Yc..W.`....Z..z.._.!.Te.......LcN...$...w.....0......^U.......9o=3>..=..v.o.d.U.Y,..#.?}6......q......:W..c7g&@G.T..,m_S....C.....%.4.r...?...6sq.y.<.<....i.~...1.,.PK3..w-.T['#"qX.>`9/J...@p.f!.on..B......^...._Z.F..f=.o.......".....i. .&Z...q..`./gb;.Zt...R...H.%.y.....v.%.....Es...Fz...#/...r.........q7..7..0......3>~.q....qBWP...ef......`^3.T......V.s.5.ts.5..'..Q...Hi@.`.l....t.D.L...L&.15..*.;.1m=y.p..N.......9 ..%ry`.c......... 4.\v./....~.U...g.$E:..u.B$.

C:\Users\user\Downloads\WUTJSCBCFX.jpg.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.756874031037042
Encrypted:	false
SSDEEP:	48:pdt8ZuVMjS4EbkyK4erjpIckM6JvFPgIUnBZ:KZuVMpjzJrjkMEtPUb
MD5:	94FD7116DD09F2CA5F1D3F906D3B7A94
SHA1:	36CBE1E3D7479AD3E4200782672DCD8331012E95
SHA-256:	A2754F885DAA08B34D9306D7D803323E4C7E6FF27D84C36FE61FF23447E5B8D1
SHA-512:	AF799DEB00FAFE823069B196E29A3FA744F229D53847F8D80137F6637B2D031B391E6B8013FD2E91F44756EEEA88B63E2B005E8CEDFA5A80242077E6822E9EA4
Malicious:	false
Preview:	....VO..p..OB.C.1...T.86.V.A...2w...@U.T;o.4...O..~..\C..F...\|.5.S...u+@TO.......8...]..b..q5..jB:...<..(......"....Z.O..K..........M.....:..-. H6&.}s-p.......nsR.......i.LU........%.Zz..Y>.o'....#...\|m...O%.q4.]...w\|..R..a.....o.~.s...%...b.L..}..j.......lW\|....[5.1N...>g.c'.u.s.`....R}.f....^.\|U......E.......b...S..m.... -{6...="...._.....a............%....KV...:...4K0.}y.1.0..O&.\.<.B....j.=?J.Zd..A.....6.P2.=,0..5.1..G...h1.xG.....0gi!.(...ZH...UA.jz+\l.s...d0_.......+....=$lsVQls.7.A....V...=.....+...=.)W...._.2.Q]....^.....Q.......x.c.n\re.X..!.#..L.Q....HT.5.w....8..a/~xo....I%.A....~.e...?KD.I._.)T......d3...S..MT`...$9."O....w.w....mq.v...`...S0"....]wo...[............28.)......u..t.j....O..X.%..:......;DjR.....Tm......t"..oK.KV.r..APH!.Y..L.1^N.........`.q........1.TC^.sK.HHu.A.<n..P.....,.k.....0O..l...q.s..0.u.......... .....3.........~.9'F.'i.8..N....n.Nf.z.c..W.t.C[.(...5....1L..>m.}c~IQb.>...y8.t..(.%>..f...[..".....q_.R!...

C:\Users\user\Downloads\ZBEDCJPBEY.mp3.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	2078
Entropy (8bit):	6.778833245337763
Encrypted:	false
SSDEEP:	48:pypV7uKqqdznvWay7SSYaPpIckM6JvFPgIUnBZ:Ek1qB2VPkMEtPUb
MD5:	6082DF3006A024CD4D01D1D392C27F39
SHA1:	98BBA1B2F2485537B7BDA5C90B1BF7048866E74A
SHA-256:	2FF637D7568F329D63827E5CB40B78368A39715CD79E92C1367108336670EF44
SHA-512:	D875695EC3999BFAFDD1892D25E4745E2B50F5DAC6FA984F53228AE847682D8C2F268EB8E6320DA8E8ED6E8CECE9EAB284468F5F0F24B1B7F442BC643401E09C
Malicious:	false
Preview:	....VO..p..OB.C..B.R.I.:-r..>.....\|#Zo.k..r._.0.d...........-...63...v}ok.!...UO.1.........J.....W.L..;.yj.M\|.@.f..~..9,..M....../..7."..OP.i&GD.^ gBA..l......@..>.>E.29uN..M.?.....#Q.}.S.h..yB.B.).....6..;.MFl.k..u........G...NJ...w..k.D..paT6)Ou..gZK......g..j{j)...".6.]..........f7..L..J..../.p^~...d .2.=.{V..3IJ(...]KB..Jx..`..%..i.5....a.+.{.2x.";~s..m..bf....>..7...8.+.%.mXGR..-.^.6...A>..r...r.?..o..H.W...S..........?R....b...J.@&q.E.._l.g..5%E3...9.4`M...kV..._T....].S.....!N.U..A...1..........z..yf;....$..4g.[7uw...:.....+..>z.e.8...C.w.<........).7......h.F.\|g...%.;=.G.....4E:.E!.n...'9.6.....P;Qeq......@..eL......E.k..1.N...^.F.....2.pw+...X......x.F...{C~.-q...8..VC(.#.Y...N&...j.I...jJ..Nf.t.SC.C....m.&..Sx#...K`R.M=.G..>hB.....(..P.vp...I......r....~.c$.~\........cv...2.M.. .4.'.m)..Q).CQ.Vd.*.w#.F....B.....6.....f(.....].h..a..8\|..Q6r....?..<.R.X.U....2..wfk...j.)-..X4.....gQ9..-..0$..G;FLCT.DmYk......^.. ._.A.x...Z.m

C:\Users\user\Downloads\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1340
Entropy (8bit):	5.46689212458369
Encrypted:	false
SSDEEP:	24:peMRhC7P9ZXUppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:pbPCF+pIckM6JvFPgIUnBZ
MD5:	281A591ECE5A1FFF52996D75B08736FF
SHA1:	9F2DD73E474913381AAC69509D7DD683A46EBE66
SHA-256:	FB11F8A906C5D120DBD59604DB004AC1B21974AF7B90BB47B848955426E6CCA4
SHA-512:	B07F9F92E40A5445E0B3856FEE6F5DF7DAF8E989723802DB493F40125C08B1FC55C1B06FD833170DEBB16255DA85685BFB2CCDBE6C8B04D305ACE8B3A1F9FC6F
Malicious:	false
Preview:	....VO..p..OB.C.)..k\Z..S.].`...<.H.."v....q.8f..'..y.;.=$[%_.B..I'v.p....l..$N}.jR.........$.q.7 ..{..e.4g.Cy..o.+}.L....I........10h.(.n.s6.....'.Z....s..6......g...._...O.$.f@..ft.9.D+...."..{A...O.r...N...].IH`M.8...'..c.0...4.y.{.R....W.=.B\|...<..z.<......R..l'.z........,. .z(W.[...X.---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a

C:\Users\user\Favorites\Amazon.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.728604991442226
Encrypted:	false
SSDEEP:	24:p8hJZippqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JQpIckM6JvFPgIUnBZ
MD5:	E44D42780070306176EFBAAD64946995
SHA1:	432E434E4DCF7EA2A84104B08447DB91685414DB
SHA-256:	F2394C71DFA214212F9B128C95C00B9D25DEF166196D13AE30784EA352B8796F
SHA-512:	C3235433A26F370B3187A98F822E32965E6002BF30755FCA8FA42C2BA6B88C9286CD2A6EDDB0636F6410F4CAC7AE90871ECC06B5E3460F177DA65565695B80D4
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<....]....3.\.M..---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\Bing.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1260
Entropy (8bit):	5.141904108344026
Encrypted:	false
SSDEEP:	24:p8hJZBuS5FS6lRIOppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JXP7J7LpIckM6JvFPgIUnBZ
MD5:	57E63B4C61C08ABC1A151291ECDDE0AE
SHA1:	0C9099AACE652BD5207223AFE01D2237AE606E1E
SHA-256:	2B46EDD34A33226221215CA8F7EF43AA66A2ECCE628EEFC0BF74DF118AC5E241
SHA-512:	87E2B3F2CABD13ADC327AF50CC6020702E3AD2B1087B0507F8DB28960DBF550DC298834992D1935E1D7AE56CC4E45C84BC41680E5B16C154C27420690C8395E9
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.Il.zV.Eb.@..E4.`......_..~...''H.V.\.....z#.M....f........j#.t..;C.........H.N..z....w.Z.C..o.l4...H.lw9.i2U.7.,..x..$..---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc5

C:\Users\user\Favorites\Facebook.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1180
Entropy (8bit):	4.801053066533228
Encrypted:	false
SSDEEP:	24:p8hJZ5onoppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JniopIckM6JvFPgIUnBZ
MD5:	5F51701B3597C674B9B253451FF1B709
SHA1:	651CF92245A1A96C77ADD47E328600C7CD3D896C
SHA-256:	F1C26F4DA3F38A864FD7A016E688D6092FEC3CA1342B0CD75947A40D51AFB343
SHA-512:	60156072FE0E5ECD8C9819D9568A51BDD9BEAB421519CD2533991B12E537B1B3E8E4F9D435DF2664E290C0354001C0DBE637DDC675C27F580EEE5B0A02DCD899
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<f......M.`.>. .}.=....P..Ra~...---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f48

C:\Users\user\Favorites\Google.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.728213136626183
Encrypted:	false
SSDEEP:	24:p8hJZBRppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JfRpIckM6JvFPgIUnBZ
MD5:	CB36E25FBAF1DC0C7BFDE01842F6F7B4
SHA1:	AB3CFA077CB0CF63B43C8268868B1A49F52457AA
SHA-256:	B113579914F88C5711BA738D76239EA25A9D844463715D0C03D661158C9E295A
SHA-512:	41780979C53BA11D53A28E921414011A010AEEB78443CBF6F5E480D84F208C0DEBDD2EC7A43B526CF03E5C79BF6147D42186374CF4411C0F741206606E7A1A1C
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<Z.6iN_.........---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\Links\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1132
Entropy (8bit):	4.600557913302904
Encrypted:	false
SSDEEP:	24:phSxwHqKxppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:phSxwHvxpIckM6JvFPgIUnBZ
MD5:	D3BBBF452B32AF33CF19376BC4FF0038
SHA1:	7974D7E2FDBDEB3A7A11EE8638945C9B8493A3A4
SHA-256:	D485E51C6FA7E46B4F5306E181D9397F878A7766EC4821FBD460A0FA2735A158
SHA-512:	181857E23458292B44B2435DEF92675E2EAE976355C18BDD8BDFFF6A5757C71BAE1327E775D36895A966E76EDD045D64B87A6440AC547CA843F4282FA46537F2
Malicious:	false
Preview:	....VO..p..OB.C......d<...'L..X:.o...9.5f..]..ou.)w.6.,N@5......A..o.....o..Zb.v;..{..XB---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5e2c82be26778d0c03689c9ec22f1545a

C:\Users\user\Favorites\Live.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.722866692552745
Encrypted:	false
SSDEEP:	24:p8hJZU3ppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4Jy3pIckM6JvFPgIUnBZ
MD5:	55728B227AB433570437AB5DBBC937B0
SHA1:	969679E72DC9FDCB178235651AC876761B69BDD4
SHA-256:	01A95F5CC1E79D69BBDE3B6014A16591AC0CE0B4CFD1D169D8A236D81697ECB4
SHA-512:	4ABA922D8A450A35BB620AD240E5F0482D81138529834737B2021297684F378CC5221E3E5B775F421A0CB8B7F586AE8235FCC8F6EA51C0CE0F726352482732FE
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<L.)....;L..dab.K---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\NYTimes.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.739607342100551
Encrypted:	false
SSDEEP:	24:p8hJZgppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JmpIckM6JvFPgIUnBZ
MD5:	E71781C7E635DE746561DCE013734EA7
SHA1:	608F15619FD4ED3AA0B5869DEFD9D10129D0D862
SHA-256:	FB5C4E0A4A9A56DD376AE9C10F41398DA55E8EAC31257E75907B6F479457C955
SHA-512:	156BEB7E2A87B3D8B1FACD37ADCF76A16488EF704BA360BDA33C68F4E13783FF5C0C7AD082EDA785FEA6943F82D3293587F97F428DB282E3DC5216BD628C65C8
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<..x....'.....---8+8*---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\Reddit.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.733814321154805
Encrypted:	false
SSDEEP:	24:p8hJZappqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4J4pIckM6JvFPgIUnBZ
MD5:	ACE895287BFA2050A8734A21248FE892
SHA1:	9E595AEA92B8F6AC7EF98407B10C6E35F2BB2127
SHA-256:	F0B2F0F5799126541031C2C4D64412D0C6260F9D3E6712707871CB031F43BF67
SHA-512:	E84E52DA21C3012686079B5090FBDC42DE39F430C740BBB039B0793B3B0F4F5AEB689AD1C0DF44AC05A4A525ADE413DAA10C2EECFF20199D1CB6FE2EA899CD86
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<.2.......W.m"---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\Twitter.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.736620998431472
Encrypted:	false
SSDEEP:	24:p8hJZaLppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JYpIckM6JvFPgIUnBZ
MD5:	AD8429EBBB1958F50BE65DD51A5B7CDF
SHA1:	97C638AB0EBF009A782C098E0DB95ACD0E84ED28
SHA-256:	017105BD738FB3FBAEC62C4F696825A35E247CABF25C1E9E4236779200AC1119
SHA-512:	60385C37BF327B069E0A4C237001285F06B38EF8F4E2F134FCA3AA8AF3A69F7F84E305E50842225C9C459EBA94AA811F955A1410E8DA92FD9F4487290C3CE84C
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<..${..'.e#."..---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\Wikipedia.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1180
Entropy (8bit):	4.799057864269368
Encrypted:	false
SSDEEP:	24:p8hJZHTQJppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JxQJpIckM6JvFPgIUnBZ
MD5:	8939AAC0393B0570319BDAB441799825
SHA1:	0DF0DE0EC5184650E5D6665EA98BBB5F66F1C753
SHA-256:	8388D004CF789416372FE330D9445C700DF63B91013EEA2B927995425111CC05
SHA-512:	48A3531652F1B35D473A5D3F8D526C8691A6DC23B6FD39796ABFDD6462D54DF8718431EB4418CF2390DF2E062FAE36F2D8C9CB1FBAAC6697BE2AE1BE9D693430
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<...".K6...+..b."{..@.f.....%...[---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f48

C:\Users\user\Favorites\Youtube.url.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	4.734452702925293
Encrypted:	false
SSDEEP:	24:p8hJZ3wppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:p4JSpIckM6JvFPgIUnBZ
MD5:	FC9EB89B947608558803264160625319
SHA1:	7B8FAB517ABE37B3E42D83EF36EEE5A9A35F6450
SHA-256:	49C9697AF4737ED4D454DB3780B4A76C532CA217FEFFFB40D0E3CF2EEE1B4C6B
SHA-512:	B3C436389BEA6999388A34487DFEB107C5A31496890E38F9E0B3A97B3F7F9C2E8B5A07BA68E6137AA66DF7845395A65210D2BA64639E971FC711357E16AA1EDC
Malicious:	false
Preview:	....VO..p..OB.C.e7=.-..#4....U...O.....i...i.9....W....]a..>.Z..=Ab?6}....R.._3.8...&_dc.....El.....e.V.<_}.?....t...,{.---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021ef5dcae63655c352b35fe5608ef6fe1fccd57ae1c92997b42eaeab0572ff92ffa260c97b889ab443a337625c4b600cb06d063d52d2d060cfbd70f4b1c0d5ff5a48a007b9d5d2abf63f379c5758019a3e0f9448bb0b1120c14034c51e796d5d69784ab07e48302dc582f9f1919c4d12615317c0a18f7f7b733d30eb81dc492435870ab1b5bf0ab81da938ecf7178b0f4823e8019c26485be5

C:\Users\user\Favorites\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1468
Entropy (8bit):	5.829715155460678
Encrypted:	false
SSDEEP:	24:peMRhKFrlZq6zrIEppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:pbP4pZq6zBpIckM6JvFPgIUnBZ
MD5:	40B0225DFDECD804CEE8A501ED2217FA
SHA1:	543F91DEADFC7FEE0550D846F85C2CB0ED91C110
SHA-256:	43D15B97FAA5B4618959FC2A180D40B5E4C34E9C50CA9807E75114E41AA5556A
SHA-512:	C0F8EA27C304FFD69B9264B3A8B141CBEF614449774C7135196ECF3174C6C4483A8E8E77996F2EF77B3881BB798457BA9EB5C4CEAE68F1B52E409AD36727B032
Malicious:	false
Preview:	....VO..p..OB.C.)..k\Z..S.].`...<.H.."v....q.8f..'..y.;.=$[%_.B..I'v.p....l..$N}.jR.........$.q.7 ..{..e.4g.Cy..o.+}.L....I........10h.(.n.s6.....'.Z....s..6......g...._...A..<@..r#...4q.n,d...\9.\tr~.p.r....5.....K..O.`iA...^f....{.>..u...d.";.l!....R`.(....P.....H<.,s..H.o.^..4..5.q.q1..I..Vl...n...B.%Y......f.~.U.....N\`.......$.p......./..;...Vl.0.%..]T....}.kg..h.R9..L..#..,....M%....0P..N.....t....#.../}.c---8+8---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c401abed2b3a57724e4e57e7fb810bff53d24c73c70667b2dea234ee09bcb234a6363d1884b784bf03b412cf9dd9dc021

C:\Users\user\Links\Desktop.lnk.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1548
Entropy (8bit):	5.994843203267586
Encrypted:	false
SSDEEP:	24:EScrI2p99+bXD6jF15cKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:ETIw/GDK6INV+a6fXh6RsuRJgBitsr
MD5:	2E2349D4501F89ECB0CB3368721673CF
SHA1:	FDD2B0B7DDE673DF1870E1D080618B0176175788
SHA-256:	E6FEB2A7950B2DC4C406822339B9319868B828255238DCBB17C967E1C7B1F43C
SHA-512:	B1CCFF47D94090E57C0EBC76CD37CC1FF61DED0D2AD9BC1C3309670E44603B707422759D557054245923E1D3A50C9DF02544009236D1A69AD9283FDB869A6895
Malicious:	false
Preview:	1&...Y.1.p{.^...UC..Yk....G-.)<-.D....u.Y.=)7....'.b"W.C.:-[.;H0..#..M...?..M.N.w...m........e.rB+x($...Xg.....Y..g.'..H.S.c4..D...)...M.a.;.Ca\|...\@...0...e.X<n$.....Qh.a..+........+}._{.....X...('..v.5..D..S9.G(....F...g......+x....m+...G:v_.w..t....@....mV.V~.u...Vi...'....0p..j..w.AB.h...!.Ki...(}...H.X._.../...S.Cp..g...:{o...>.+.2.%e~...L1I..as.g..O@HH6c$(.V..W.D...i`.....y...J... }z.j.........p.[g6..%tv.)...d..nS...xp.!.g.@...(;@W.]...)D...[ZJ.N}.N...~..\(\.A.M[.,....".....0@...m.7.---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98

C:\Users\user\Links\Downloads.lnk.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1996
Entropy (8bit):	6.707848975840419
Encrypted:	false
SSDEEP:	48:E0O6ZcobkmiPXlJ91wbe9INV+a6fXh6RsuRJgBitsr:y9oQm6zsbe9Ij+pXh6Dsqsr
MD5:	A862F4032BD5E5E1099C9F508D2D8EC4
SHA1:	A1BD67D5D61A08B472012B50D098017BF7681776
SHA-256:	721E06AA282EA66960907B13666838C293C57799F99A4F37B7C8F533F02E2F19
SHA-512:	7021D88F4773FC8EB36FEB5D29E7E7B9D3951E151C114103D1847CF3A32FD58FC36AE97F10530AAC49AFECF391876691D43C88DABA9ACEC12F2B3E52203AC774
Malicious:	false
Preview:	1&...Y.1.p{.^...UC..Yk....G-.)<5...)H'. .~.g..L.s.2K...rs..o..Z..&..t'e[.?K....L.=Z...d!.q.{>S1....]e..^o..j.O...r.......K3Z..........O@..,.u.t;..,Fe...jqV.1....l..a+.....d.../....'...?"7U.y..A.....#.C.W&B.v..R.....R<..Q/...........0...-.R..?%L@x@.j..."wL#^.tm..e..nP..e.....K/.[.!....P......n..}L....q.o..x.....U.oJA.~.Wm.Z...sB.Z..M..,..4{.x.....L.\.O>._.z.WP,.M.`.....i....(d.S...g...^.V...]J.._.[.9.@.........S.........J......P...Y.-&.U.]...s.+y...d.....j..(...a.._..(.%....C.8ki..........c....6.4..&...U..aC;.mf...L.u...bj0k?.......-....,.......@.]...~....G.... y.....)......D.w....o.....=.M....<.....~.u..M...z'...4...4....}R..m....E....SKs..6....,z../......G).:l.).....o...O.J.#0...G..<.Af_3..D..Mk.if+.........'....!T.Y..k...{.B.c...$..0..Oz').?vH&2..._~.2....1.Q)....{U...&.~. .3..I~O....f..`e.W.........9Py...\|j@HI...p..l.t....[....W....p..x.D.>...J....-..c.i.Iy...C.ND.,v...S.!hF.W........---8+8---1a909b9f42c0830a66b6a93078525

C:\Users\user\Links\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1564
Entropy (8bit):	6.0491233097232
Encrypted:	false
SSDEEP:	24:peMRhx9VqMuG+cxppqckkHXq+UL0lCPH8eQIPxiwGIgRU3f7wz3VZ:pbPxHqjG+mpIckM6JvFPgIUnBZ
MD5:	6472987F6C0984D93937D1E22154AE82
SHA1:	F770420CA4DADFE80379EE4774A67046D81BFB75
SHA-256:	63F3ECF4B118C0A66CA24593E9138BDCDA345C5B8BFA224C39C341878605153E
SHA-512:	F575431BC50747A48BCFDB6C34714148C1986AABCB70FDEA8AB8E5DC53E27B1BC23419AADE0B5119556E77BFC0E93AF0B13E3FB5508D2E9D8477EFE9444E425E
Malicious:	false
Preview:	....VO..p..OB.C.)..k\Z..S.].`...<.H.."v....q.8f..'..y.;.=$[%_.B..I'v.p....l..$N}.jR.........$.q.7 ..{..e.4g.Cy..o.+}.L....I........10h.(.n.s6.....'.Z....s..6......g...._...aI.UG..].j...........8$)..Z(..C\..[.J.}.D....-.kZ.f....8.L...F...$&...}.}.D.....)ce.g.....HL.K.........z....G...@wx.=V+..W5.Y.].\|.~....K.`.z...-.C.._u.:`25(]l4:c..u.4..8=)l..Dh.F$...w.{..^...?.....5.!.....v...f1W.F....,.FQj..s,....#.M.,..x%..K..3.....Q^.m.S.W.G..\.4................../...[..O.....3..o;C.9.rK...].'.G.a[....+U.5g\|b.6---8+8*---3203f117bd5233c2eff28a350aa40dab42ec9f74024e3da6829226261a136639676fee249143b5a812c8c84c5e948507e250df74850612db637692bf171b649ec130c3838c30934948a86627cb0533d28e2f785278c3291f06af19e767ddea563b84cde77b8394bba92e0b620b270df9015c5f41a6a391f93fc9c5687f61788c07ced10b574de0baa7a02dcad113873a00d4eb6c1df4c8510ad943627ea809c7d2ad314d788203daef5d7197c7255d0b756316a210344e17da3d7ffc7569a4855f3feee1362a6e64a39bfb0c67428fb80517cf947bf00417ea62b31bbaaf117e45b8e1777b66c

C:\Users\user\Music\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1564
Entropy (8bit):	6.026600584016434
Encrypted:	false
SSDEEP:	24:ElwO2Xt5e9/kGVTRZBJBwMWcKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:E6XS3TRZ/PPINV+a6fXh6RsuRJgBitsr
MD5:	30A8BE248884EB25A3F567C392D5C391
SHA1:	977B9D6453E4F13916CE56D2603012C53785542A
SHA-256:	AAC94F49EA93D26F5817562F5BEDA74D14FE762EF572DFD3686B5C2E8922DFB4
SHA-512:	35230796A5621ADCC194FD826A952DA5D66B0ED6F7C41382284CA19506DD03B9A44BBE8C588803C1F5FF34561C62DA602B5617FCA74746C14E68A7AC880CB401
Malicious:	false
Preview:	1&...Y.1.p{.^..U.........l.U.:.^..t..aw..yW.!......1.n.O0h...f.r~...N...`.!.kh..~..6F\|.u.^....{':...+".#<..P.A..@:5.........8]O,..-8k.=&...-....K~.z..2.G......[G.>......d..d.?..cl..w..^L...R..n>..0..z......;...f....Yv..`.&....0..n.'Wc+:..q..B...%s..}<.".........F.>..R.......F.K.....1212h:....e......W.S.p.(.4,>...V.,..I.~.XU....g-.(...K..y.......U...b...5..8..Y^l..=.f..S.Y.C..b/..[...YV5.U...UHVW!. "d.W.........e\|.........t...LPo.Y0.5.0..L...kQ....e}...l.E...E....B..XQ...l.]^:.m...^..%\."---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f0300828

C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	66588
Entropy (8bit):	1.6653857086371668
Encrypted:	false
SSDEEP:	384:Jg3NfDfS7qPK19tk/lOfhHrOFqYqpkJjPw+:Jg3Nf8qg9tk/4fZcqYqUjx
MD5:	9E717A79ADAD8D0FD54D3CBC2F4A1457
SHA1:	C9F245349688CAACFBDBE0AF95540C4352464890
SHA-256:	7D6A38F1904AB955012ECEB2BFFE6BA871A9B72DEE6BDAF148A4BEECECB33058
SHA-512:	D1A2E5F088974A8F8AF9CD933354E8743C3AEC8CEA11F2824A6C1F1111AB920A3D3E326DF467DE3104E72D08BB97D18DD92B35DA6B532B37BA57867640E8D90F
Malicious:	false
Preview:	.}m....h..Q.$n.;.t...z.D>...!.r.DQC%..(...~.RMS=B.........`>..H4.NW........^....fV..1\|....=.- .&.Wv...\|!....X<QrLRK(.U`.e..... \|w.a@y..dm.e..A..........$....d......!t......N.!L4...4\|...).Z..R....d.(...$..#.^_W..6Dew.#.8.&.>..@~.D8.a....}W..5_`.+.NX....TZH...2..)..JS.1/9.[.`..ji.5..j.d.[`.\|.!..<y5fz.\|.0.c"...">.t..#X.!....h-....].%eh....G.g.5NRxC...a(.~]..-..J.#V1\|...F..'...$B.R..dl1.v.....R.....#..68..Bu.2R.s...nb.i.y#sX.H.....@km@.+;.-G..EN..k\|....(.TQa.#.A...@H.m.2..N@$.^.my$N..........J.`..3.;...U.9V.....+.!...L].....Y...k+tr.g...\..jE.:.i.k.r(+$..&ZXJ6.z<..$[..^..d.....W..^.t......._..gSe>.;.q.E....c..`..t..dQ.9i:..n..[..;..Y...0.t..t......D......H..)q.QN..9VOQT......H...(F:.p..$3...bA!.?. 9py.Z..3.7.2..P.@+.$\|.Z..B..k5..B.V.C.....V.>.o@.4.7W.....<..nw..>.........r...'.G._....n.&..x..t..9...KV.....gf.?.a[.D.....e..#.......CB...N....U.....y..A..?...]..O..=.W....x.. .E\9........G...0........e.N"...,'n...`C.a.....EH. ..!..Y=...8

C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	525340
Entropy (8bit):	1.3007380961587913
Encrypted:	false
SSDEEP:	1536:gnhyIMG7YuwPUm/AzWOztHeth9MZWUInJXBs7D0+N3:gSG7YuwPUmIzW0+th9MTAXBIZ3
MD5:	0CFF4375E0C991D74D040F0CC65AD7C0
SHA1:	DA245876A87074D30994990CDB014A1B4ACB1966
SHA-256:	B4912916E8344EC13168DA5F9D0C30AD8E2EB92622C4F94FCC0A325117023A81
SHA-512:	41BFB5ACF8DAA9EF50387B0CCF28E052551F4C36E5D1227B7440029EBA9559B7805716BA17215336768C471730F467DECB03CDD36BF7F2FDE9769CC5C2EBA413
Malicious:	false
Preview:	.J.L\|\.s..(.F.f.i$.....g~..:LR....r...6....ba.......8...5....0.....X....~.e...0..z.vr.k.2...Bm..4..].P.`..>....)\|.....7%T.3i.h...0.....y.Hi..!...0....X..W&..1....".'..[.x.........".z(....[C...?X....Z..f...........sM...../...t<....S%6...{.....[.t..,...-...g....'.W^.X..e..cg....u...J..Q.v9.}_..t..c.x..^...!.....U.y=..7...gP.#.H...-c....$eGL:.,(.9.,....3R...tB..P......Bj)..).....e...V...f..X.9.).....u-....?..NQ....\|..}..d.0S...;...!E..3<..u.W2.[`....v6...t........%....-.T.{k...m>....k\..R...\|M...2...}..g.....b...[u.?..e.j\|jj.... ...)..P...yA.....C../sg.f.P.......h!c..e.....z.......2R....^.P..m...5..D.....E.6.....B.A."X..n...D....)&.....!.....`F+....?....?xm?s.........."lW.\`.XqS.N.>.%..[..'K.....q....}...hG.....Gw6^JE..eM...->.hx...........*..E.o\Z.TJ.G.4.X...V.)...B.6k{....:..Q...3.)J.%..F...@........0..<.....Q..I2G.......]...2..z.^.....e...B....?.P'.%...p:.t......vZ0..jE.x.<...o.~...7rh...u..5.c.g...uy....44................8.`

C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	modified
Size (bytes):	525340
Entropy (8bit):	1.3005949035989106
Encrypted:	false
SSDEEP:	1536:5mVCfQm8DscM+0FSCLsnhmZRzoSDclJ5H8CNqLnabH:4Iuz0wr4D3DclLUaT
MD5:	26473E0C4BD80E11522EAE9F1A531B05
SHA1:	CDD7610B5B21E1A2226255906A4AB4D49EB331E8
SHA-256:	174984CD4EAB808E52B682922C952C6E393FCCCB144261B2B0F8EA239BC7D06B
SHA-512:	7BEC6D0C96D84A6DF2C9ADD62FA40116FA958EDC71A6DCF3BA0151B07DF7EA9B19AA2BEDA12370E912909974072D931C14B79454F038A6193A7B19E72732FD94
Malicious:	false
Preview:	.1.{.A...../....m.Q7.l..)x...C.%..7.{H.....Zo&(.0....\|g....f2v._..1<A.0.;Nt...O.'.eHW+.!.=6lZ....f....Z...?k..W.N.?..XT3...T...Y.....s...C.....gF...&..3Z..'......50@...{.......[~A+it.fK..>....."..k..t.......ml.Cy.g.S8\l.o.Z...j.~;....."......o.0.^q\|J%..?o.eur....T.7......._.....$......g..?...S.k.3OT]m>..........sP...a1a.N..{.b..zHHJ.y..'VD..'6...RI.4..A....zb}/.A.l.O..m....-hb......[l...d..L.......U.&..._./......m.<..xr...1u....w..M.Ck:....J....M<J#...$xY...J.....p...Y. ...h......._f...F.Y...-w&..?.{....={7...F.2..z...`.......L.m+...&[...r....M..........Ao>.D4...';..7,./.=..o0.....y.......~.C..C.s[.S...Yz.).>A....*..+e\..>.5..P.v.{...{.......s.7#.GHvr.....NiR..6~./.9......M....^.n..~NA.#.LB.wR.nb...%...s...0.5#...qs1..H....W.....b..........,...x.d.<fLE.F..+.$j.;..w6SU../.'E..C..............V@&%...R.R...s;.N.......P...........x.8......v.....Y.q..o"\B9.`....+.4..nd...7..?.$..K.......CxlV{m-7JSN..y.D......D]j/...M..(.............

C:\Users\user\OneDrive\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1148
Entropy (8bit):	4.70064738373586
Encrypted:	false
SSDEEP:	24:EHfTWqJBcKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:EHfqqJCINV+a6fXh6RsuRJgBitsr
MD5:	0AD56100E16D9ED65C1CD28BF74064DA
SHA1:	7C8DE8F861EE3A55305857396A2BCBDB10B1515F
SHA-256:	A80F2D729BE3B531A3E58CEB54397E94683E5574867629309BFD7A3E46CDA794
SHA-512:	A0041BBD4BD8E7E4FDD8023362DB58400FF25B398C3FE91D469635C6E16626A8CFE998BEDED6646EC5F856938BFC1FE6E4D8144692BF2A857B0DC43EE60D99E4
Malicious:	false
Preview:	1&...Y.1.p{.^..>..,^....;.N6..W...xP.L=..I...V...%...i....5n...>.?..T..r0.]..@....W..<.... 1..wBU(w..]..!.p.n---8+8*---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c71630e36b74706a6f3b10f91f5d6901b48a2eca3c08515865e76b5d2508b942f910efe526277f45b76e1d6ff3c45494a5ef33ac8948e68b50bac864210a7006a82374be1d0d671a143223eb1066370acbbeee2a6454461fa7bead52b56c2273c

C:\Users\user\Pictures\Camera Roll\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	5.105655990551572
Encrypted:	false
SSDEEP:	24:ElwO2XtiVcKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:E6XnINV+a6fXh6RsuRJgBitsr
MD5:	53388793C5723FECE614DAD0E25690F8
SHA1:	75E6A4B17A5B2F70033F165C3E011AD4A45056DE
SHA-256:	A319B170BAE00C90F25A9EE58D580BBE30F2EE9E7C143007093D9ED800BD0F82
SHA-512:	384D9F352D6C3D49062C133F6EE5F8D9926A43F3D057B25D50AF32A6FD4FA55F60658F2206B038784C993C96E168C2A7BA8AEAB58BBE1D7EBD4A22FEEBD038E7
Malicious:	false
Preview:	1&...Y.1.p{.^..U.........l.U.:.^..t..aw..yW.!......1.n.O0h...f.r~...N...`.!.kh..~..6F\|.u.^....{':...+".#<..P.A..@:5.........8]O,..$.....T..>k..`.,`V.r....lA.]..bR.k.]....){.n..0....t.c.b.{.x---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c71630e36b74706a6f3b10f91f5d6901b48a2eca3c08515865e76b5d2508b942f910efe526277f45b76e1d6ff3c45494a

C:\Users\user\Pictures\Saved Pictures\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	5.1234995579554
Encrypted:	false
SSDEEP:	24:ElwO2Xti4PIcKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:E6XJPFINV+a6fXh6RsuRJgBitsr
MD5:	476D9291CDE984614E19E3EECFC96865
SHA1:	C9CED164EF009F39C482A0501BB099402DF0302F
SHA-256:	5E600F1901DFAC79DE40CD4A80A648D9A7FF2CC94BC4C35109C40EF0180BE412
SHA-512:	A5F33DADCC950A25A78DE162F62B7AB63CA9A1BF6E2B827B6314FCCC77DB9920D6E8BA13F5DD2B8F07E7B1A85E918962115CF468B0D5EA41868FF759AFFE7FF4
Malicious:	false
Preview:	1&...Y.1.p{.^..U.........l.U.:.^..t..aw..yW.!......1.n.O0h...f.r~...N...`.!.kh..~..6F\|.u.^....{':...+".#<..P.A..@:5.........8]O,..$.....T..>k..`.,`V.r....lA.]..bR.k.]....){.n..H"#i.......+...---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c71630e36b74706a6f3b10f91f5d6901b48a2eca3c08515865e76b5d2508b942f910efe526277f45b76e1d6ff3c45494a

C:\Users\user\Pictures\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1564
Entropy (8bit):	6.0360114874587785
Encrypted:	false
SSDEEP:	48:E6XS5+3BfBK46WhQINV+a6fXh6RsuRJgBitsr:HXS5+KaQIj+pXh6Dsqsr
MD5:	0D15EFF81387DB9C72128FE5C610ADC5
SHA1:	E524C972D3A5ED54DC1573C6C2AAB8C7CDAAB299
SHA-256:	199BB30D5C27877849AC8AB2F4AF042C8205922E0BAA8058068BCA9C2A5472BD
SHA-512:	88398FAEB24120F0A8F7E76D9C36C4450D9B9D5DD6F3C896AE0FC380748B25741A4BBBC4E99AFEF59CF52397516312E65B89BB03ADF1AF04474B6BF1E1B99665
Malicious:	false
Preview:	1&...Y.1.p{.^..U.........l.U.:.^..t..aw..yW.!......1.n.O0h...f.r~...N...`.!.kh..~..6F\|.u.^....{':...+".#<..P.A..@:5.........8]O,..-8k.=&...-....K~.z..2.G......[Gc.......fm.-..p\Zd..]9:m\|....bg...X. ._....;F-....]..<O...zS...5`..g....,.p.i{y....w.......e.j..\|;.i..7..?..W>m.,...C+..9u+.=,r..}....'...Z......G.k/;...z.QI..!..u.....T..K.E)Jc.4..Il4;.,.&...o"7w.?...l...{...h.9.N.@..M.h..U:L.g./..[.+X6.3f.\|..2.........w.lK\|._...y..Z=v..@.sR3.R........O.n@.^A.{C.....x...aNoE......kE..iS.Q...---8+8*---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f0300828

C:\Users\user\Saved Games\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1340
Entropy (8bit):	5.4328618898269445
Encrypted:	false
SSDEEP:	24:ElwO2Xt5eBbWAScKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:E6XS5jINV+a6fXh6RsuRJgBitsr
MD5:	7F9E42D3A724A98683B2FEBB1C028141
SHA1:	6E78F0D72E44619B4178586CC1E744CA6EEB1424
SHA-256:	A4C737484DDA412A00F80729CBA29363A7C58379CE057E86D95BDF6E9F8BE8C8
SHA-512:	5E78AC5953CBB5751AECCDC52B3B2623F7EDFB55C790EA4B3BAE337D678568BA9DB57B64D4696EFEBF3D901EE34EF0D853E11F1EA47E34295063B76AD88A9563
Malicious:	false
Preview:	1&...Y.1.p{.^..U.........l.U.:.^..t..aw..yW.!......1.n.O0h...f.r~...N...`.!.kh..~..6F\|.u.^....{':...+".#<..P.A..@:5.........8]O,..-8k.=&...-....K~.z..2.G......[G..L.t...s..$..X.l4.I.[....1k.j..r....T1.....m.._..uu~.2{..K...b7e.&..D...x.Q..V.yk<..vD4.f0..OPW..#lo...e}..<4.....X..>.[...---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c

C:\Users\user\Searches\Everywhere.search-ms.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.346368768319604
Encrypted:	false
SSDEEP:	24:EqN8kITncKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:EqN8fTcINV+a6fXh6RsuRJgBitsr
MD5:	E4CB1E246934754DFFE58987F8779C25
SHA1:	2AD3EEFBD42EEE045D99D6DBA4D904C4E6A9D378
SHA-256:	FE77E225ACEB1A7AD856AEFB716A16BF5F43EC41D4D059FAB38C96C455D217E1
SHA-512:	F270B8038FA7CFF0F5731067B0BFC774A4EDB40CD37A8F2A327A13AAB6606A6925421073EB17603CC78CD7A10E26274F8783BF06E8EDB8FEFA40DC87014CE06D
Malicious:	false
Preview:	1&...Y.1.p{.^...v]:.ixjDi.1......Vc.!..B..j.i...%..O..M.U.N..4.....:[%.Pr[/..M....."......T.=:J...s....}$..l.t..4b?BW.sHzl8........s'2.Z.T..')..H....d......D.@.....z.z.a....t..2.6...WPw.Pvr..a1Y..`....+n1.p2.....&@Q..Z)oE@mpHLRN.......Y),.u..m42Z...GK.#..3.&.---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c71630e36b74706a6f3b10f91f5d6901b

C:\Users\user\Searches\Indexed Locations.search-ms.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1308
Entropy (8bit):	5.3537321803655065
Encrypted:	false
SSDEEP:	24:EqN8kImjFZic36cKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:EqN8fYyc3rINV+a6fXh6RsuRJgBitsr
MD5:	663E187E3B4EFCD7E6553A5145C94029
SHA1:	5F8DD5F65D342A80548D0F994CD2E594CE7B91FF
SHA-256:	664F16899AB8FDB2C96DF29751E1790807311E2D65FD3084483A91AF331CF8D2
SHA-512:	0105CE9E0E102D8E5FFD92A10F5D0B2DEDE196E118ABB22BCEDDE16D72767F46CFC6FF1B8B2041388D9439D03D5FC8BF3AE0BAF69AE7AB282D812A0082224CCC
Malicious:	false
Preview:	1&...Y.1.p{.^...v]:.ixjDi.1......Vc.!..B..j.i...%..O..M.U.N..4.....:[%.Pr[/..M....."......T.=:J...s....}$..l.t..4b?BW.sHzl8........s'2.Z.T..')..H....d......D.@.....z.z.a..3.<.M..2..&.i...0]..._....>u:....J4.W....z..'b:.P~..X'.\|..g...t....g.....J.B.4.....4.....---8+8---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c71630e36b74706a6f3b10f91f5d6901b

C:\Users\user\Searches\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1580
Entropy (8bit):	6.075626810237119
Encrypted:	false
SSDEEP:	24:ElwO2Xt5eQVS7JrDBcKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:E6XSQVStruINV+a6fXh6RsuRJgBitsr
MD5:	97204AB91F5C24890134DA2B76914892
SHA1:	BDE5D4B0F88D8F48C5E9F22F01CC8F659A1E7005
SHA-256:	9A6B0811C3C655F06121107269A1266C656523A5ACD09E21F792695A7F5F126D
SHA-512:	A81638D3CD0D968F00B507A76AD29230370F550A4C408FABCA601CAC4A7355B7C334AE572A88E28D51A5F726E441B5A50B25F9F53346A9EFE706B775C6C752A9
Malicious:	false
Preview:	1&...Y.1.p{.^..U.........l.U.:.^..t..aw..yW.!......1.n.O0h...f.r~...N...`.!.kh..~..6F\|.u.^....{':...+".#<..P.A..@:5.........8]O,..-8k.=&...-....K~.z..2.G......[G).uT..7(%..F.jF.....K.....Z...sf/.!.:..GG.._5F`.J.3...m.u.N._..>..s.7Z.2...-.....1.\|/GE.@6v.i...H...z'..=.@.B...e./X%........j..+J...........UF.J@yA.....}...K{.c..8...i.h"h...UY.........i.B.d......#m,...k..y...5.Ll......Q.rh&.j.<K...'.>.r.I....J.(....E.4..By&....B.{u......-".....U.U.dg.q.......U.o...@.IHa....>...C..W.oSO.?m....v0z.`..m.W.5QA_^.m..Y.2---8+8*---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792

C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1916
Entropy (8bit):	6.558506609290909
Encrypted:	false
SSDEEP:	48:nxXyXHB+tMe8BvBXc1tOld5X2xS6GP5YdVmgIB1c6twg:xgB+tMekvBXMOlX6womgIBrh
MD5:	8203320258BD20D2983A5D5F7CD49D16
SHA1:	C0FFC6C4A01851C6AC0172694DC230E949673995
SHA-256:	CD8EDB10450061CDC9325AF9524B219F27CACAF81C5E07A940C589394CB2CBC3
SHA-512:	6A14392E3567ECBB5F57CAC9787AAF33A5C3E4B27F02598EA3D812DE600961670AAABCE4CC9B02D0A47DA9A54D69C28B306204A0CB89813FC31E1E3E94D112BE
Malicious:	false
Preview:	5..<...p...APU".".....E.&..F.\|.... ..>.}E.FE_"!'i8O....C...9X:.Nd..ne..SL6.'y.F(.jP..+@..H....65..`.......=.V..z;....D....6.....d2....u.F..Bt..d..rN......~^U.u<.q`=........2D...j...<..%.l.Vv..ja2J.2.M2dE....U.C....^.~]H.<efQZ.t..;..........W.<....S...W.5....,3W,.b`.......+@%..\9.v...,...o......]<..$..8NODu..5B.{L....}.!..GHq..ia.]+.&.S..C..^.{g;2..f.Wl...P{.....Rb....6.k....H.+0.Iy.Q........3q.......b7.{q.(}...:.v/....A.[FfaYK...9k...sD)..eh..:....u.D....{O.s...G...vr.....d.-.k7.2.F...pgo"....uZu....u_..U"...`7.~lT.-)....6...)_...=..M.N..."^J.)....'q<K.......u......\|H........uL%..!.2.?.....i.L.1.......%...F(.R..5...=......@..u.B....C....e.3..Go..H.2......\.3....."..!$..j.(.)6.....4$....~g1....58.R.A..m..b.l./&5.....r...N..G9..]Oj8O.M.Igw\.qL..x....l.0..i.bf..J..Z..X..:.i.e.t..q......0~..._...O...Ye.........]cG;.:......5rH.---8+8---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01

C:\Users\user\Videos\desktop.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1564
Entropy (8bit):	6.011618337315646
Encrypted:	false
SSDEEP:	24:5+qQi8D9phdmgk3wiLRQtO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:H07ByGld5X2xS6GP5YdVmgIB1c6twg
MD5:	44014116EB22CF68C67E3B3CDC008A79
SHA1:	290FB17D435A8B729845C0937322FA13C4409FED
SHA-256:	37340F14FE25110D7B9795848E95C09A7AAB152FCB682815EEC807F52DE5B870
SHA-512:	8388F525F96B4B65E43FAAA6DAFE44F9015AA648618AA968B4C657C8728CC8ED6044BA9C6BC871D77DB97EC825EB37A43E87417E0BFF5DDF7BB73A1C52C85331
Malicious:	false
Preview:	5..<...p...APU:`.6=..\.\x..L......b.....j......:..B.1cL.....O3O...s.M... 3.....0..vP....A....@..5..z..e........:.7...f....coX8$......Y.....G\.V...g...........mP...3..z...,.o.H.V=.y&H.<.$..1....;.....].g.....KA.^...e0.De.\|6.4t......W...%..Y..=.....zp..@t........V..[.0I...\.$d.n,t..9....{.p\|...........=....)..T........&.;.o..B..R.h...x.. ~`]..}.G..v..\|..V.g...x.........d..n.....q....t..j......x.]40.Z[D.K6.^........<....z:'..>.U>4`..d2...R...J..55;1.5.D..S..(...........iV...EO2....O......\|.2j....o-f---8+8*---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c

C:\Users\user\_curlrc.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1068
Entropy (8bit):	4.257508163328458
Encrypted:	false
SSDEEP:	24:uMjtO7AeQXR/X22SS6KM1QP5QL9dVZRGzrwIB7i6c6twg:umld5X2xS6GP5YdVmgIB1c6twg
MD5:	87426097DA6B76183B307BC519039566
SHA1:	14F6DAC88D5AB2E0291C4CE1CAD774C0E0176FF8
SHA-256:	4A95A59A7E18AF9C6924529DE86BCF75CE10CF296EBEB5604DE5838062B64EBF
SHA-512:	75A320546BECF2C647FF869FEF9195D24A228511E467655A89563B19F9CC8EA89AB0CAAA1247430AF8492DFD77F6A3E3B640B8F711CBFA11ED3F2CC3110CE421
Malicious:	false
Preview:	5..<...p...APU..{..D....7....---8+8---40140d8e5d15aef6f6475545978cc203f8580f9161bba04d870f730e5ba7ff644f9330712f8ba5a2f50da44b6a6561b36d4e671df6e01c70b41d18d04792f7e992bd4a4807f3cd31769ed45515076f4d7144bdb273403f3d8abff9ff85b7703dbdc7f987a2f4567e52370e96da7fadda73d73007d972d22b51e6e68939c467e2d92d06348d2b59fde21c7233295b5d1ed80ab929533faefeb150dc68a4cc11e7ba27e9df5cceddb1b8026017e5a6974ac997718882c703a2d3ea40450c4018e8db4de12ab96406f97e7f126cbb3eb7bf5af5a4144537d4c6a23a6ccbc665329c7c5508d17aa2c19811425f93874e77ffbcc31ce09dabe6e01ccf9645587c456f29ef2a56010ac09fb78f17e16d800ce4677c6c8276a54b2a72bee0aec4c2d615079939c621a7b97744a83d3d279dc8321aa8e229a2a614c74128d03cef5c7ec280620a99865a37e3e66389705b76a44d15a21ae445a2993fc2b5d53750f83880cc2c5973e76dc9dc0b46e5a28d260edc0bec526fbb7427f26d805979e411514d3979d118d16ccd1e51136aafa12c291dbcf03c0df5904c33e6fbb81e923a20da015b00c7c23c1ae844565a4cf63657bee515ff71bfcb2dcada19cedc659212a81059985e5351184a313eefcc89f9470916b5237111f830bb1f9eb99113411

C:\Users\user\ntuser.ini.invisible

Download File

Process:	C:\Users\user\Desktop\O0dZdy12ak.exe
File Type:	data
Category:	dropped
Size (bytes):	1084
Entropy (8bit):	4.328636168451305
Encrypted:	false
SSDEEP:	24:E3WgcKvNV+6L+DzfPuab96ETksylieJcS4427OmYaifkr:Em9INV+a6fXh6RsuRJgBitsr
MD5:	F8E8ECEE494221EE85A177C919DD3053
SHA1:	C4EB2A90503774E5D6F14D1D7E4E86A24A1E5A4F
SHA-256:	C7130B0094D8B852BE5D2EAB4A5A30B93FADCD055DBEE7B8F4FF0A578CFE7802
SHA-512:	F462B515CC7AD45B61D3A89D1E3EC7E2DE0986ADB75687A189720FE38A98AC74D92C96E79D14E50F509EC75D7C4BD554A420507179F04695160F38D53F33CDF7
Malicious:	false
Preview:	1&...Y.1.p{.^..C;37.F...'.v.D,..8.$...v.qQ---8+8*---1a909b9f42c0830a66b6a930785252e5176e46b5ba44900634005399735b8f37cf5cb8c6078ac97f11195f86206a23e37efcd0682b3aae716fc59a66544fc36639c4ff6d6f241570bea00b15faa82ef053d69510562e93de1ba438bdc3b6b9fc89e7ba91da157e7d27d0a685338fc59c0c8dce787c6661bac9071e610b442773fd36864dcd923fc3be4d4dc5bf91d570807310453a682e0dbd78e498bc5bb983080996a17fb2f97a6531cd92f85e91b4a19b5ead0beed09f7e423e5e05c964605433d7b84b7736abced91b79cff7295617e5bc607de21cabc8c01dc4ba792eedcf119f030082872aa0f7f49b1ec98d2b66fa57b5fbced7c0ea86c2afe4b759a46293b8fe8470e175b612eece064e448f38ce2578cf8657d92cec8b1dea853687803bbd69588e56633be5c5504a3d5de21b02b274705684ae625819996dc5ff526f7d23b12591c991a539c7f026c658d6f08c64eff258c71630e36b74706a6f3b10f91f5d6901b48a2eca3c08515865e76b5d2508b942f910efe526277f45b76e1d6ff3c45494a5ef33ac8948e68b50bac864210a7006a82374be1d0d671a143223eb1066370acbbeee2a6454461fa7bead52b56c2273c6ca76f53fed3b4b4f274749d6a49dd715cea2c51d6bb30e3eb08e41db325ab58

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	0.7264836086625004
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	O0dZdy12ak.exe
File size:	6'670'336 bytes
MD5:	38fb9ac2e51d04182faf81afbef08ab8
SHA1:	1f325950a7a8e1a2050e954f33d2c3774510bd6e
SHA256:	1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44
SHA512:	8af5062d6d133379b0ad87439cdf99fc98bff266f03c0a831f84c0c41224c7a97e8e0a5583e8d4b24c04edd0bc6099646ebea3388ffe2fe7917b709604e63406
SSDEEP:	6144:iODh8y70MgJ+j2ZsKmj82uGBOOGHO0GL2g6VzxazESJx2sYMLoI4H4voKJ+QtDeJ:ik70MZMc0RdQtzH8lhwFbZgaOm
TLSH:	2166B44162E07B61D16B5135CECCA5FC5C9B2C901EB3FDDB29893A394AF8390E738919
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................?...........................]r......]r......]r......mq......mqq.....mq......Rich...................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x401367
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x66B0C874 [Mon Aug 5 12:41:24 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	cb6abf8f920e409d66e2c6e1dea5c53e

Entrypoint Preview

Instruction
call 00007F4B08E39D3Dh
jmp 00007F4B08E398D9h
jmp 00007F4B08E43B61h
push ebp
mov ebp, esp
jmp 00007F4B08E39A6Fh
push dword ptr [ebp+08h]
call 00007F4B08E45686h
pop ecx
test eax, eax
je 00007F4B08E39A71h
push dword ptr [ebp+08h]
call 00007F4B08E43B31h
pop ecx
test eax, eax
je 00007F4B08E39A48h
pop ebp
ret
cmp dword ptr [ebp+08h], FFFFFFFFh
je 00007F4B08E3A127h
jmp 00007F4B08E3A104h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F4B08E39A7Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F4B08E39A6Ch
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F4B08E39A6Eh
add edx, 28h
cmp edx, esi
jne 00007F4B08E39A4Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F4B08E39A5Bh
push esi
call 00007F4B08E3A2D5h
test eax, eax
je 00007F4B08E39A82h
mov eax, dword ptr fs:[00000018h]
mov esi, 0042CBA4h
mov edx, dword ptr [eax+04h]
jmp 00007F4B08E39A66h
cmp edx, eax
je 00007F4B08E39A72h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F4B08E39A52h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F4B08E39A69h
mov byte ptr [0042CBA8h], 00000001h
call 00007F4B08E3A0C0h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2a224	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x32000	0x630e40	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x29220	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x29160	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x23000	0x230	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x2171c	0x21800	57f0dcbb47ece18e6930fbe39c57aaeb	False	0.5510508978544776	COM executable for DOS	6.637924320948062	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x23000	0x7e2a	0x8000	5d0eeab0f480bc2e366189de4e16b367	False	0.465728759765625	data	5.173086217567737	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x2b000	0x60cc	0x1c00	f101d358cd60c87b3a383fa2a079cd39	False	0.44838169642857145	DOS executable (block device driver)	4.592225112235917	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x32000	0x630e40	0x631000	8d9c13696472d4fd21d1b25d504a378f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x32338	0x2	data	English	United States	5.0
RT_BITMAP	0x32340	0x5eec28	Device independent bitmap graphic, 1920 x 1080 x 24, image size 6220800	English	United States	0.001010894775390625
RT_BITMAP	0x620f68	0x41ed8	Device independent bitmap graphic, 300 x 300 x 24, image size 270000	English	United States	0.3934972596652348
RT_DIALOG	0x32140	0x1f4	data	English	United States	0.58

Imports

DLL	Import
USER32.dll	EndPaint, GetWindowLongW, PostMessageW, SetWindowPos, FillRect, GetSystemMetrics, ShowWindow, OpenClipboard, GetDlgItemTextA, SetTimer, DrawTextA, CloseClipboard, EmptyClipboard, MessageBoxA, LoadBitmapW, SetLayeredWindowAttributes, SetClipboardData, wsprintfW, SetWindowLongW, GetClientRect, GetDlgItem, SetRect, KillTimer, SystemParametersInfoW, DialogBoxParamW, FindWindowA, LoadImageW, InvalidateRect, BeginPaint, MessageBoxW
GDI32.dll	BitBlt, CreateCompatibleBitmap, CreateFontA, SelectObject, CreateCompatibleDC, StretchBlt, GetStockObject, DeleteDC, SetTextColor, TextOutA, SetBkMode, GetObjectW, DeleteObject, CreateSolidBrush
SHELL32.dll	SHGetFolderPathA
KERNEL32.dll	FindFirstFileExW, GetFileSizeEx, WideCharToMultiByte, MultiByteToWideChar, IsValidCodePage, LCMapStringW, CompareStringW, HeapFree, HeapAlloc, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetStringTypeW, GetProcessHeap, FlushFileBuffers, WriteConsoleW, HeapSize, HeapReAlloc, GetCurrentProcessId, SetStdHandle, GetCommandLineW, GetFileAttributesW, SetFileAttributesW, DeleteFileW, SizeofResource, FindFirstFileW, FindNextFileW, WriteFile, WaitForMultipleObjects, GetTempPathW, FindClose, CreateFileW, GetSystemDirectoryW, FreeResource, Sleep, LockResource, GlobalAlloc, CloseHandle, CreateThread, LoadResource, FindResourceW, GlobalLock, GetModuleHandleW, GetConsoleWindow, WinExec, GlobalUnlock, GetDriveTypeW, QueryPerformanceCounter, DecodePointer, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcess, TerminateProcess, GetCommandLineA, RaiseException, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, SetEndOfFile, SetFilePointerEx, ReadFile, GetConsoleMode, ReadConsoleW, GetFileType, GetConsoleOutputCP, ExitProcess, GetModuleHandleExW, QueryPerformanceFrequency, GetStdHandle, GetModuleFileNameW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: O0dZdy12ak.exePID: 7504, Parent PID: 2580

General

Target ID:	0
Start time:	04:07:01
Start date:	06/10/2024
Path:	C:\Users\user\Desktop\O0dZdy12ak.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\O0dZdy12ak.exe"
Imagebase:	0x400000
File size:	6'670'336 bytes
MD5 hash:	38FB9AC2E51D04182FAF81AFBEF08AB8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 7512, Parent PID: 7504

General

Target ID:	1
Start time:	04:07:01
Start date:	06/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7572, Parent PID: 7504

General

Target ID:	2
Start time:	04:07:02
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: taskkill.exePID: 7604, Parent PID: 7572

General

Target ID:	3
Start time:	04:07:02
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7644, Parent PID: 7504

General

Target ID:	4
Start time:	04:07:03
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: taskkill.exePID: 7664, Parent PID: 7644

General

Target ID:	5
Start time:	04:07:03
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7712, Parent PID: 7504

General

Target ID:	6
Start time:	04:07:04
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: taskkill.exePID: 7728, Parent PID: 7712

General

Target ID:	7
Start time:	04:07:04
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7760, Parent PID: 7504

General

Target ID:	8
Start time:	04:07:05
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: taskkill.exePID: 7776, Parent PID: 7760

General

Target ID:	9
Start time:	04:07:05
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7808, Parent PID: 7504

General

Target ID:	10
Start time:	04:07:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Analysis Process: taskkill.exePID: 7824, Parent PID: 7808

General

Target ID:	11
Start time:	04:07:06
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7852, Parent PID: 7504

General

Target ID:	12
Start time:	04:07:07
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7868, Parent PID: 7852

General

Target ID:	13
Start time:	04:07:07
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7896, Parent PID: 7504

General

Target ID:	14
Start time:	04:07:08
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7912, Parent PID: 7896

General

Target ID:	15
Start time:	04:07:08
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7944, Parent PID: 7504

General

Target ID:	16
Start time:	04:07:09
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7960, Parent PID: 7944

General

Target ID:	17
Start time:	04:07:09
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7988, Parent PID: 7504

General

Target ID:	18
Start time:	04:07:10
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8004, Parent PID: 7988

General

Target ID:	19
Start time:	04:07:10
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 8056, Parent PID: 7504

General

Target ID:	20
Start time:	04:07:11
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8096, Parent PID: 8056

General

Target ID:	21
Start time:	04:07:11
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 8128, Parent PID: 7504

General

Target ID:	22
Start time:	04:07:12
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8144, Parent PID: 8128

General

Target ID:	23
Start time:	04:07:12
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 8172, Parent PID: 7504

General

Target ID:	24
Start time:	04:07:13
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8188, Parent PID: 8172

General

Target ID:	25
Start time:	04:07:13
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7268, Parent PID: 7504

General

Target ID:	26
Start time:	04:07:14
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7256, Parent PID: 7268

General

Target ID:	27
Start time:	04:07:14
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3064, Parent PID: 7504

General

Target ID:	29
Start time:	04:07:15
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 5932, Parent PID: 3064

General

Target ID:	30
Start time:	04:07:15
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3748, Parent PID: 7504

General

Target ID:	31
Start time:	04:07:16
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 3368, Parent PID: 3748

General

Target ID:	32
Start time:	04:07:16
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1740, Parent PID: 7504

General

Target ID:	33
Start time:	04:07:17
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x7ff7699e0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 1136, Parent PID: 1740

General

Target ID:	34
Start time:	04:07:17
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1848, Parent PID: 7504

General

Target ID:	35
Start time:	04:07:18
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7312, Parent PID: 1848

General

Target ID:	36
Start time:	04:07:18
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7608, Parent PID: 7504

General

Target ID:	37
Start time:	04:07:19
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7572, Parent PID: 7608

General

Target ID:	38
Start time:	04:07:19
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7688, Parent PID: 7504

General

Target ID:	39
Start time:	04:07:20
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7664, Parent PID: 7688

General

Target ID:	40
Start time:	04:07:20
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7776, Parent PID: 7504

General

Target ID:	43
Start time:	04:07:21
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7760, Parent PID: 7776

General

Target ID:	44
Start time:	04:07:21
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7824, Parent PID: 7504

General

Target ID:	45
Start time:	04:07:22
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7808, Parent PID: 7824

General

Target ID:	46
Start time:	04:07:22
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 1704, Parent PID: 7504

General

Target ID:	47
Start time:	04:07:23
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 2536, Parent PID: 1704

General

Target ID:	48
Start time:	04:07:23
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7872, Parent PID: 7504

General

Target ID:	49
Start time:	04:07:24
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7860, Parent PID: 7872

General

Target ID:	50
Start time:	04:07:24
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7916, Parent PID: 7504

General

Target ID:	51
Start time:	04:07:25
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7904, Parent PID: 7916

General

Target ID:	52
Start time:	04:07:25
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7968, Parent PID: 7504

General

Target ID:	53
Start time:	04:07:26
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7964, Parent PID: 7968

General

Target ID:	54
Start time:	04:07:26
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 8016, Parent PID: 7504

General

Target ID:	55
Start time:	04:07:27
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8004, Parent PID: 8016

General

Target ID:	56
Start time:	04:07:28
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 8120, Parent PID: 7504

General

Target ID:	57
Start time:	04:07:28
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8100, Parent PID: 8120

General

Target ID:	58
Start time:	04:07:28
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 8152, Parent PID: 7504

General

Target ID:	59
Start time:	04:07:30
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 8144, Parent PID: 8152

General

Target ID:	60
Start time:	04:07:30
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5700, Parent PID: 7504

General

Target ID:	61
Start time:	04:07:31
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 6680, Parent PID: 5700

General

Target ID:	62
Start time:	04:07:31
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2812, Parent PID: 7504

General

Target ID:	63
Start time:	04:07:32
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 2664, Parent PID: 2812

General

Target ID:	64
Start time:	04:07:32
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7260, Parent PID: 7504

General

Target ID:	65
Start time:	04:07:33
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7196, Parent PID: 7260

General

Target ID:	66
Start time:	04:07:33
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7280, Parent PID: 7504

General

Target ID:	67
Start time:	04:07:34
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 5740, Parent PID: 7280

General

Target ID:	68
Start time:	04:07:34
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3064, Parent PID: 7504

General

Target ID:	69
Start time:	04:07:35
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 4464, Parent PID: 3064

General

Target ID:	70
Start time:	04:07:35
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 3320, Parent PID: 7504

General

Target ID:	71
Start time:	04:07:36
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 4320, Parent PID: 3320

General

Target ID:	72
Start time:	04:07:36
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2640, Parent PID: 7504

General

Target ID:	73
Start time:	04:07:37
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7424, Parent PID: 2640

General

Target ID:	74
Start time:	04:07:37
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2424, Parent PID: 7504

General

Target ID:	75
Start time:	04:07:38
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7520, Parent PID: 2424

General

Target ID:	76
Start time:	04:07:38
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7220, Parent PID: 7504

General

Target ID:	77
Start time:	04:07:38
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: taskkill.exePID: 7492, Parent PID: 7220

General

Target ID:	78
Start time:	04:07:39
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /f /im mmc.exe /t
Imagebase:	0x390000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7708, Parent PID: 7504

General

Target ID:	79
Start time:	04:07:39
Start date:	06/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Disassembly

⊘No disassembly

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used.For example, information about application windows could be used identify potential data to collect as well as identifying security tooling ( Security Software Discovery ) to evade.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.
Tactics:	Impact
Data Sources:	Cloud Storage: Cloud Storage Modification, Command: Command Execution, File: File Creation, File: File Modification, Network Share: Network Share Access, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report O0dZdy12ak.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\Public\Documents\desktop.ini.invisible

C:\Users\Public\Downloads\desktop.ini.invisible

C:\Users\Public\Music\desktop.ini.invisible

C:\Users\Public\Pictures\desktop.ini.invisible

C:\Users\Public\Videos\desktop.ini.invisible

C:\Users\Public\desktop.ini.invisible

C:\Users\desktop.ini.invisible

C:\Users\user\.curlrc.invisible

C:\Users\user\3D Objects\desktop.ini.invisible

C:\Users\user\AppData\Local\Temp\tmp.bmp

C:\Users\user\AppData\Roaming\time.dat

C:\Users\user\Contacts\desktop.ini.invisible

C:\Users\user\Desktop\DVWHKMNFNN.png.invisible

C:\Users\user\Desktop\Excel.lnk.invisible

C:\Users\user\Desktop\HTAGVDFUIE.jpg.invisible

C:\Users\user\Desktop\HTAGVDFUIE.xlsx.invisible

C:\Users\user\Desktop\KATAXZVCPS.pdf.invisible

C:\Users\user\Desktop\KZWFNRXYKI.png.invisible

C:\Users\user\Desktop\LTKMYBSEYZ.mp3.invisible

C:\Users\user\Desktop\LTKMYBSEYZ.pdf.invisible

C:\Users\user\Desktop\O0dZdy12ak.exe.invisible

C:\Users\user\Desktop\UMMBDNEQBN.docx.invisible

C:\Users\user\Desktop\UMMBDNEQBN.xlsx.invisible

C:\Users\user\Desktop\UMMBDNEQBN\HTAGVDFUIE.xlsx.invisible

C:\Users\user\Desktop\UMMBDNEQBN\KZWFNRXYKI.png.invisible

Windows Analysis Report
O0dZdy12ak.exe