Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
NEW ORDER- 4788467.exe

Overview

General Information

Sample name:NEW ORDER- 4788467.exe
Analysis ID:1559977
MD5:1cb86400147c835af58017f0474c5bcc
SHA1:ac285cb623bf292341068dead954cfed9a1f8c81
SHA256:c35b10fc350209ec356b48282d85b18d9b9ab5c0167dc88461297906602e3d61
Tags:exeRemcosRATuser-cocaman
Infos:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Contains functionality to bypass UAC (CMSTPLUA)
Detected Remcos RAT
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Remcos
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Contains functionality to register a low level keyboard hook
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Contains functionalty to change the wallpaper
Creates autostart registry keys with suspicious names
Delayed program exit found
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Uses schtasks.exe or at.exe to add and modify task schedules
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evaded block containing many API calls
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • NEW ORDER- 4788467.exe (PID: 7288 cmdline: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
    • powershell.exe (PID: 7516 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7548 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • NEW ORDER- 4788467.exe (PID: 7700 cmdline: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
      • remcos.exe (PID: 7788 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
        • powershell.exe (PID: 8052 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 8060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 8076 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpD8DE.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
          • conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • remcos.exe (PID: 1384 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
        • remcos.exe (PID: 2716 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
        • remcos.exe (PID: 2220 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
  • mWrixkEbVc.exe (PID: 7820 cmdline: C:\Users\user\AppData\Roaming\mWrixkEbVc.exe MD5: 1CB86400147C835AF58017F0474C5BCC)
  • remcos.exe (PID: 1304 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
    • schtasks.exe (PID: 7644 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp414.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • remcos.exe (PID: 7548 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
  • remcos.exe (PID: 7740 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
    • schtasks.exe (PID: 3556 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp23E1.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • remcos.exe (PID: 1648 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
  • remcos.exe (PID: 2072 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
    • schtasks.exe (PID: 2280 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp42D3.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • remcos.exe (PID: 7672 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: 1CB86400147C835AF58017F0474C5BCC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Remcos, RemcosRATRemcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.
  • APT33
  • The Gorgon Group
  • UAC-0050
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": ["206.189.218.238:4782:1", "206.189.218.238:2286:1", "206.189.218.238:3363:1", "206.189.218.238:3386:1"], "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-NJK093", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Enable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\Remcos\logs.datJoeSecurity_RemcosYara detected Remcos RATJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
      00000016.00000002.1546311824.0000000000B87000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
        0000001E.00000002.1706489344.0000000000F97000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
          00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
              Click to see the 29 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
                  7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpackJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
                    7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpackWindows_Trojan_Remcos_b296e965unknownunknown
                    • 0x6c4b8:$a1: Remcos restarted by watchdog!
                    • 0x6ca30:$a3: %02i:%02i:%02i:%03i
                    7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpackREMCOS_RAT_variantsunknownunknown
                    • 0x6650c:$str_a1: C:\Windows\System32\cmd.exe
                    • 0x66488:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                    • 0x66488:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                    • 0x66988:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
                    • 0x671b8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
                    • 0x6657c:$str_b2: Executing file:
                    • 0x675fc:$str_b3: GetDirectListeningPort
                    • 0x66fa8:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
                    • 0x67128:$str_b7: \update.vbs
                    • 0x665a4:$str_b9: Downloaded file:
                    • 0x66590:$str_b10: Downloading file:
                    • 0x66634:$str_b12: Failed to upload file:
                    • 0x675c4:$str_b13: StartForward
                    • 0x675e4:$str_b14: StopForward
                    • 0x67080:$str_b15: fso.DeleteFile "
                    • 0x67014:$str_b16: On Error Resume Next
                    • 0x670b0:$str_b17: fso.DeleteFolder "
                    • 0x66624:$str_b18: Uploaded file:
                    • 0x665e4:$str_b19: Unable to delete:
                    • 0x67048:$str_b20: while fso.FileExists("
                    • 0x66ac1:$str_c0: [Firefox StoredLogins not found]
                    Click to see the 30 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe", ParentImage: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ParentProcessId: 7288, ParentProcessName: NEW ORDER- 4788467.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", ProcessId: 7516, ProcessName: powershell.exe
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Remcos\remcos.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ProcessId: 7700, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-NJK093
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe", ParentImage: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ParentProcessId: 7288, ParentProcessName: NEW ORDER- 4788467.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", ProcessId: 7516, ProcessName: powershell.exe
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe", ParentImage: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ParentProcessId: 7288, ParentProcessName: NEW ORDER- 4788467.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp", ProcessId: 7548, ProcessName: schtasks.exe
                    Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Remcos\remcos.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ProcessId: 7700, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-NJK093
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe", ParentImage: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ParentProcessId: 7288, ParentProcessName: NEW ORDER- 4788467.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe", ProcessId: 7516, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    barindex
                    Sigma detected: Scheduled temp file as task from temp location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\NEW ORDER- 4788467.exe", ParentImage: C:\Users\user\Desktop\NEW ORDER- 4788467.exe, ParentProcessId: 7288, ParentProcessName: NEW ORDER- 4788467.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp", ProcessId: 7548, ProcessName: schtasks.exe

                    Stealing of Sensitive Information

                    barindex
                    Sigma detected: Remcos
                    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\ProgramData\Remcos\remcos.exe, ProcessId: 2220, TargetFilename: C:\ProgramData\remcos\logs.dat

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-11-21T09:01:12.116062+010020365941Malware Command and Control Activity Detected192.168.2.949727206.189.218.2384782TCP
                    2024-11-21T09:01:14.406835+010020365941Malware Command and Control Activity Detected192.168.2.949733206.189.218.2382286TCP
                    2024-11-21T09:01:16.726586+010020365941Malware Command and Control Activity Detected192.168.2.949739206.189.218.2383363TCP
                    2024-11-21T09:01:19.046724+010020365941Malware Command and Control Activity Detected192.168.2.949747206.189.218.2383386TCP
                    2024-11-21T09:01:22.419612+010020365941Malware Command and Control Activity Detected192.168.2.949756206.189.218.2384782TCP
                    2024-11-21T09:01:24.702643+010020365941Malware Command and Control Activity Detected192.168.2.949762206.189.218.2382286TCP
                    2024-11-21T09:01:27.078455+010020365941Malware Command and Control Activity Detected192.168.2.949766206.189.218.2383363TCP
                    2024-11-21T09:01:29.431053+010020365941Malware Command and Control Activity Detected192.168.2.949774206.189.218.2383386TCP
                    2024-11-21T09:01:32.718621+010020365941Malware Command and Control Activity Detected192.168.2.949782206.189.218.2384782TCP
                    2024-11-21T09:01:35.070531+010020365941Malware Command and Control Activity Detected192.168.2.949788206.189.218.2382286TCP
                    2024-11-21T09:01:37.431158+010020365941Malware Command and Control Activity Detected192.168.2.949794206.189.218.2383363TCP
                    2024-11-21T09:01:39.840162+010020365941Malware Command and Control Activity Detected192.168.2.949800206.189.218.2383386TCP
                    2024-11-21T09:01:43.218520+010020365941Malware Command and Control Activity Detected192.168.2.949809206.189.218.2384782TCP
                    2024-11-21T09:01:45.567604+010020365941Malware Command and Control Activity Detected192.168.2.949816206.189.218.2382286TCP
                    2024-11-21T09:01:47.884122+010020365941Malware Command and Control Activity Detected192.168.2.949823206.189.218.2383363TCP
                    2024-11-21T09:01:50.171728+010020365941Malware Command and Control Activity Detected192.168.2.949829206.189.218.2383386TCP
                    2024-11-21T09:01:53.471617+010020365941Malware Command and Control Activity Detected192.168.2.949835206.189.218.2384782TCP
                    2024-11-21T09:01:55.821787+010020365941Malware Command and Control Activity Detected192.168.2.949841206.189.218.2382286TCP
                    2024-11-21T09:01:58.141133+010020365941Malware Command and Control Activity Detected192.168.2.949848206.189.218.2383363TCP
                    2024-11-21T09:02:00.461429+010020365941Malware Command and Control Activity Detected192.168.2.949855206.189.218.2383386TCP
                    2024-11-21T09:02:03.790191+010020365941Malware Command and Control Activity Detected192.168.2.949865206.189.218.2384782TCP
                    2024-11-21T09:02:06.151268+010020365941Malware Command and Control Activity Detected192.168.2.949871206.189.218.2382286TCP
                    2024-11-21T09:02:08.469505+010020365941Malware Command and Control Activity Detected192.168.2.949877206.189.218.2383363TCP
                    2024-11-21T09:02:10.791865+010020365941Malware Command and Control Activity Detected192.168.2.949883206.189.218.2383386TCP
                    2024-11-21T09:02:14.089557+010020365941Malware Command and Control Activity Detected192.168.2.949891206.189.218.2384782TCP
                    2024-11-21T09:02:16.400643+010020365941Malware Command and Control Activity Detected192.168.2.949897206.189.218.2382286TCP
                    2024-11-21T09:02:30.634648+010020365941Malware Command and Control Activity Detected192.168.2.949903206.189.218.2383363TCP
                    2024-11-21T09:02:33.028740+010020365941Malware Command and Control Activity Detected192.168.2.949935206.189.218.2383386TCP
                    2024-11-21T09:02:36.362721+010020365941Malware Command and Control Activity Detected192.168.2.949945206.189.218.2384782TCP
                    2024-11-21T09:02:38.686686+010020365941Malware Command and Control Activity Detected192.168.2.949951206.189.218.2382286TCP
                    2024-11-21T09:02:41.039299+010020365941Malware Command and Control Activity Detected192.168.2.949957206.189.218.2383363TCP
                    2024-11-21T09:02:43.326465+010020365941Malware Command and Control Activity Detected192.168.2.949963206.189.218.2383386TCP
                    2024-11-21T09:02:46.653536+010020365941Malware Command and Control Activity Detected192.168.2.949971206.189.218.2384782TCP
                    2024-11-21T09:02:49.027131+010020365941Malware Command and Control Activity Detected192.168.2.949977206.189.218.2382286TCP
                    2024-11-21T09:02:51.400332+010020365941Malware Command and Control Activity Detected192.168.2.949983206.189.218.2383363TCP
                    2024-11-21T09:02:53.790107+010020365941Malware Command and Control Activity Detected192.168.2.949988206.189.218.2383386TCP
                    2024-11-21T09:02:57.103929+010020365941Malware Command and Control Activity Detected192.168.2.949997206.189.218.2384782TCP
                    2024-11-21T09:02:59.435800+010020365941Malware Command and Control Activity Detected192.168.2.950002206.189.218.2382286TCP
                    2024-11-21T09:03:01.802885+010020365941Malware Command and Control Activity Detected192.168.2.950008206.189.218.2383363TCP
                    2024-11-21T09:03:04.095535+010020365941Malware Command and Control Activity Detected192.168.2.950014206.189.218.2383386TCP
                    2024-11-21T09:03:07.603550+010020365941Malware Command and Control Activity Detected192.168.2.950019206.189.218.2384782TCP
                    2024-11-21T09:03:09.938728+010020365941Malware Command and Control Activity Detected192.168.2.950020206.189.218.2382286TCP
                    2024-11-21T09:03:12.290125+010020365941Malware Command and Control Activity Detected192.168.2.950021206.189.218.2383363TCP
                    2024-11-21T09:03:14.805730+010020365941Malware Command and Control Activity Detected192.168.2.950022206.189.218.2383386TCP
                    2024-11-21T09:03:18.139521+010020365941Malware Command and Control Activity Detected192.168.2.950023206.189.218.2384782TCP
                    2024-11-21T09:03:20.420351+010020365941Malware Command and Control Activity Detected192.168.2.950024206.189.218.2382286TCP
                    2024-11-21T09:03:22.752279+010020365941Malware Command and Control Activity Detected192.168.2.950025206.189.218.2383363TCP
                    2024-11-21T09:03:25.122532+010020365941Malware Command and Control Activity Detected192.168.2.950026206.189.218.2383386TCP
                    2024-11-21T09:03:28.466853+010020365941Malware Command and Control Activity Detected192.168.2.950027206.189.218.2384782TCP
                    2024-11-21T09:03:30.786880+010020365941Malware Command and Control Activity Detected192.168.2.950028206.189.218.2382286TCP
                    2024-11-21T09:03:33.138555+010020365941Malware Command and Control Activity Detected192.168.2.950029206.189.218.2383363TCP
                    2024-11-21T09:03:35.462766+010020365941Malware Command and Control Activity Detected192.168.2.950030206.189.218.2383386TCP
                    2024-11-21T09:03:38.830108+010020365941Malware Command and Control Activity Detected192.168.2.950031206.189.218.2384782TCP
                    2024-11-21T09:03:41.157912+010020365941Malware Command and Control Activity Detected192.168.2.950032206.189.218.2382286TCP
                    2024-11-21T09:03:43.472591+010020365941Malware Command and Control Activity Detected192.168.2.950033206.189.218.2383363TCP
                    2024-11-21T09:03:45.824973+010020365941Malware Command and Control Activity Detected192.168.2.950034206.189.218.2383386TCP
                    2024-11-21T09:03:49.213473+010020365941Malware Command and Control Activity Detected192.168.2.950035206.189.218.2384782TCP
                    2024-11-21T09:03:51.554810+010020365941Malware Command and Control Activity Detected192.168.2.950036206.189.218.2382286TCP
                    2024-11-21T09:03:53.906631+010020365941Malware Command and Control Activity Detected192.168.2.950037206.189.218.2383363TCP
                    2024-11-21T09:03:56.262693+010020365941Malware Command and Control Activity Detected192.168.2.950038206.189.218.2383386TCP
                    2024-11-21T09:03:59.658792+010020365941Malware Command and Control Activity Detected192.168.2.950039206.189.218.2384782TCP
                    2024-11-21T09:04:01.988085+010020365941Malware Command and Control Activity Detected192.168.2.950040206.189.218.2382286TCP
                    2024-11-21T09:04:04.325179+010020365941Malware Command and Control Activity Detected192.168.2.950041206.189.218.2383363TCP
                    2024-11-21T09:04:06.690829+010020365941Malware Command and Control Activity Detected192.168.2.950042206.189.218.2383386TCP
                    2024-11-21T09:04:10.063613+010020365941Malware Command and Control Activity Detected192.168.2.950043206.189.218.2384782TCP
                    2024-11-21T09:04:12.426769+010020365941Malware Command and Control Activity Detected192.168.2.950044206.189.218.2382286TCP
                    2024-11-21T09:04:14.736067+010020365941Malware Command and Control Activity Detected192.168.2.950045206.189.218.2383363TCP
                    2024-11-21T09:04:17.112416+010020365941Malware Command and Control Activity Detected192.168.2.950046206.189.218.2383386TCP
                    2024-11-21T09:04:20.470551+010020365941Malware Command and Control Activity Detected192.168.2.950047206.189.218.2384782TCP
                    2024-11-21T09:04:22.783727+010020365941Malware Command and Control Activity Detected192.168.2.950048206.189.218.2382286TCP
                    2024-11-21T09:04:25.113557+010020365941Malware Command and Control Activity Detected192.168.2.950049206.189.218.2383363TCP
                    2024-11-21T09:04:27.430801+010020365941Malware Command and Control Activity Detected192.168.2.950050206.189.218.2383386TCP
                    2024-11-21T09:04:30.776957+010020365941Malware Command and Control Activity Detected192.168.2.950051206.189.218.2384782TCP
                    2024-11-21T09:04:33.094239+010020365941Malware Command and Control Activity Detected192.168.2.950052206.189.218.2382286TCP
                    2024-11-21T09:04:35.446822+010020365941Malware Command and Control Activity Detected192.168.2.950053206.189.218.2383363TCP
                    2024-11-21T09:04:37.811352+010020365941Malware Command and Control Activity Detected192.168.2.950054206.189.218.2383386TCP
                    2024-11-21T09:04:41.154008+010020365941Malware Command and Control Activity Detected192.168.2.950055206.189.218.2384782TCP
                    2024-11-21T09:04:43.442297+010020365941Malware Command and Control Activity Detected192.168.2.950056206.189.218.2382286TCP
                    2024-11-21T09:04:45.797400+010020365941Malware Command and Control Activity Detected192.168.2.950057206.189.218.2383363TCP
                    2024-11-21T09:04:48.083502+010020365941Malware Command and Control Activity Detected192.168.2.950058206.189.218.2383386TCP
                    2024-11-21T09:04:51.458491+010020365941Malware Command and Control Activity Detected192.168.2.950059206.189.218.2384782TCP
                    2024-11-21T09:04:53.781589+010020365941Malware Command and Control Activity Detected192.168.2.950060206.189.218.2382286TCP
                    2024-11-21T09:04:56.080805+010020365941Malware Command and Control Activity Detected192.168.2.950061206.189.218.2383363TCP
                    2024-11-21T09:04:58.397919+010020365941Malware Command and Control Activity Detected192.168.2.950062206.189.218.2383386TCP
                    2024-11-21T09:05:01.767333+010020365941Malware Command and Control Activity Detected192.168.2.950063206.189.218.2384782TCP
                    2024-11-21T09:05:04.069594+010020365941Malware Command and Control Activity Detected192.168.2.950064206.189.218.2382286TCP
                    2024-11-21T09:05:06.400864+010020365941Malware Command and Control Activity Detected192.168.2.950065206.189.218.2383363TCP
                    2024-11-21T09:05:09.290026+010020365941Malware Command and Control Activity Detected192.168.2.950066206.189.218.2383386TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Remcos {"Host:Port:Password": ["206.189.218.238:4782:1", "206.189.218.238:2286:1", "206.189.218.238:3363:1", "206.189.218.238:3386:1"], "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-NJK093", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Enable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\ProgramData\Remcos\remcos.exeReversingLabs: Detection: 68%
                    Source: C:\ProgramData\Remcos\remcos.exeVirustotal: Detection: 43%Perma Link
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeReversingLabs: Detection: 68%
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeVirustotal: Detection: 43%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: NEW ORDER- 4788467.exeReversingLabs: Detection: 68%
                    Source: NEW ORDER- 4788467.exeVirustotal: Detection: 43%Perma Link
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.1546311824.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001E.00000002.1706489344.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385949758.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.3792155314.0000000002FAF000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.1627153891.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 2220, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7548, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 1648, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7672, type: MEMORYSTR
                    Source: Yara matchFile source: C:\ProgramData\Remcos\logs.dat, type: DROPPED
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeJoe Sandbox ML: detected
                    Source: C:\ProgramData\Remcos\remcos.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: NEW ORDER- 4788467.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004338C8 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,7_2_004338C8
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_25be4773-a

                    Exploits

                    barindex
                    Yara detected UAC Bypass using CMSTP
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTR

                    Privilege Escalation

                    barindex
                    Contains functionality to bypass UAC (CMSTPLUA)
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00407538 _wcslen,CoGetObject,7_2_00407538
                    Source: NEW ORDER- 4788467.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: NEW ORDER- 4788467.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: OAEA.pdbSHA256 source: NEW ORDER- 4788467.exe
                    Source: Binary string: OAEA.pdb source: NEW ORDER- 4788467.exe
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,7_2_0040928E
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,7_2_0041C322
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,7_2_0040C388
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004096A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,7_2_004096A0
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00408847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,7_2_00408847
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00407877 FindFirstFileW,FindNextFileW,7_2_00407877
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0044E8F9 FindFirstFileExA,7_2_0044E8F9
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,7_2_0040BB6B
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00419B86 FindFirstFileW,FindNextFileW,FindNextFileW,7_2_00419B86
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,7_2_0040BD72
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00407CD2 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,7_2_00407CD2
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 4x nop then jmp 07754685h0_2_07754C0E
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 4x nop then jmp 077D3C35h8_2_077D41BE
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 4x nop then jmp 076A3955h19_2_076A3EDE
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 4x nop then jmp 08823955h23_2_08823EDE
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 4x nop then jmp 0AEC3955h27_2_0AEC3EDE

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49756 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49727 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49733 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49766 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49747 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49782 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49774 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49762 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49794 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49816 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49788 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49809 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49835 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49739 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49829 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49848 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49841 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49823 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49865 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49855 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49877 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49871 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49897 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49800 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49891 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49883 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49935 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49945 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49951 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49957 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49963 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49971 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49977 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49983 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49988 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49997 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50002 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:49903 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50019 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50021 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50020 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50023 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50027 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50029 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50025 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50033 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50038 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50037 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50024 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50008 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50030 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50031 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50042 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50044 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50036 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50032 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50034 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50040 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50050 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50039 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50026 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50057 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50052 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50022 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50058 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50053 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50060 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50055 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50047 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50056 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50035 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50045 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50054 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50041 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50043 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50059 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50061 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50046 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50066 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50065 -> 206.189.218.238:3363
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50063 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50014 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50051 -> 206.189.218.238:4782
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50062 -> 206.189.218.238:3386
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50048 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50028 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50064 -> 206.189.218.238:2286
                    Source: Network trafficSuricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.9:50049 -> 206.189.218.238:3363
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorIPs: 206.189.218.238
                    Source: Malware configuration extractorIPs: 206.189.218.238
                    Source: Malware configuration extractorIPs: 206.189.218.238
                    Source: Malware configuration extractorIPs: 206.189.218.238
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 206.189.218.238 ports 4782,2286,3386,3363,2,4,7,8
                    Source: global trafficTCP traffic: 192.168.2.9:49727 -> 206.189.218.238:4782
                    Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 206.189.218.238
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041B411 InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,7_2_0041B411
                    Source: NEW ORDER- 4788467.exeString found in binary or memory: http://geoplugin.net/json.gp
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, NEW ORDER- 4788467.exe, 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://geoplugin.net/json.gp/C
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1405177337.0000000003167000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 00000008.00000002.1457852593.0000000003427000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 00000013.00000002.1570075548.00000000034BA000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 00000017.00000002.1650806723.00000000032E9000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 0000001B.00000002.1731378452.0000000002E39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: NEW ORDER- 4788467.exeString found in binary or memory: http://tempuri.org/project_mgtDataSet.xsdOproject_mgt_system.Properties.Resources

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to register a low level keyboard hook
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040A2F3 SetWindowsHookExA 0000000D,0040A2DF,000000007_2_0040A2F3
                    Installs a global keyboard hook
                    Source: C:\ProgramData\Remcos\remcos.exeWindows user hook set: 0 keyboard low level C:\ProgramData\Remcos\remcos.exe
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040B749 OpenClipboard,GetClipboardData,CloseClipboard,7_2_0040B749
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004168FC OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,7_2_004168FC
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040B749 OpenClipboard,GetClipboardData,CloseClipboard,7_2_0040B749
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040A41B GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,ToUnicodeEx,7_2_0040A41B
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTR

                    E-Banking Fraud

                    barindex
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.1546311824.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001E.00000002.1706489344.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385949758.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.3792155314.0000000002FAF000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.1627153891.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 2220, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7548, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 1648, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7672, type: MEMORYSTR
                    Source: Yara matchFile source: C:\ProgramData\Remcos\logs.dat, type: DROPPED

                    Spam, unwanted Advertisements and Ransom Demands

                    barindex
                    Contains functionalty to change the wallpaper
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041CA73 SystemParametersInfoW,7_2_0041CA73

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Author: unknown
                    Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                    Source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                    Initial sample is a PE file and has a suspicious name
                    Source: initial sampleStatic PE information: Filename: NEW ORDER- 4788467.exe
                    Source: C:\ProgramData\Remcos\remcos.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004167EF ExitWindowsEx,LoadLibraryA,GetProcAddress,7_2_004167EF
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_02EED57C0_2_02EED57C
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_075D34B80_2_075D34B8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_075D21060_2_075D2106
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_075D66780_2_075D6678
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_075D66690_2_075D6669
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_075D34A80_2_075D34A8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_075DA3D80_2_075DA3D8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_077563E80_2_077563E8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_07750CA00_2_07750CA0
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_07750C900_2_07750C90
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 0_2_077502A00_2_077502A0
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043706A7_2_0043706A
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004140057_2_00414005
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043E11C7_2_0043E11C
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004541D97_2_004541D9
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004381E87_2_004381E8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041F18B7_2_0041F18B
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004462707_2_00446270
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043E34B7_2_0043E34B
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004533AB7_2_004533AB
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0042742E7_2_0042742E
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004375667_2_00437566
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043E5A87_2_0043E5A8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004387F07_2_004387F0
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043797E7_2_0043797E
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004339D77_2_004339D7
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0044DA497_2_0044DA49
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00427AD77_2_00427AD7
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041DBF37_2_0041DBF3
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00427C407_2_00427C40
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00437DB37_2_00437DB3
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00435EEB7_2_00435EEB
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043DEED7_2_0043DEED
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00426E9F7_2_00426E9F
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_0336D57C8_2_0336D57C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077B34B88_2_077B34B8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077B21068_2_077B2106
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077B66788_2_077B6678
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077B66698_2_077B6669
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077BF4888_2_077BF488
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077D5A638_2_077D5A63
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077D0CA08_2_077D0CA0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077D0C908_2_077D0C90
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 8_2_077D02A08_2_077D02A0
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_013FD57C9_2_013FD57C
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_059AE9789_2_059AE978
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_059AB12C9_2_059AB12C
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_059AD8689_2_059AD868
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_085821069_2_08582106
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_085834B89_2_085834B8
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_085834A89_2_085834A8
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_085866789_2_08586678
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_085866699_2_08586669
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_0B022DD09_2_0B022DD0
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_0B0202A09_2_0B0202A0
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_0B020C909_2_0B020C90
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeCode function: 9_2_0B020CA09_2_0B020CA0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_018DD57C19_2_018DD57C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_058CE97819_2_058CE978
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_058CB12C19_2_058CB12C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_058CB12019_2_058CB120
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_058CD86819_2_058CD868
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076834B819_2_076834B8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_0768210619_2_07682106
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_0768666919_2_07686669
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_0768667819_2_07686678
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076834A819_2_076834A8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_0768F48819_2_0768F488
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076A56CC19_2_076A56CC
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076A0CA019_2_076A0CA0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076A0C9C19_2_076A0C9C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076A0C9019_2_076A0C90
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_076A02A019_2_076A02A0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0189D57C23_2_0189D57C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0561E97823_2_0561E978
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0561B12C23_2_0561B12C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0561D86823_2_0561D868
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0874210623_2_08742106
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_087434B823_2_087434B8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_087434A823_2_087434A8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0874F48823_2_0874F488
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0874667823_2_08746678
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0874666923_2_08746669
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_088256C023_2_088256C0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_088202A023_2_088202A0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_08820C9023_2_08820C90
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_08820CA023_2_08820CA0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_0133D57C27_2_0133D57C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_052BE97827_2_052BE978
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_052BB12B27_2_052BB12B
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_052BB12C27_2_052BB12C
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_052BD86827_2_052BD868
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_071C34B827_2_071C34B8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_071C210627_2_071C2106
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_071C667827_2_071C6678
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_071C666927_2_071C6669
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_071CF48827_2_071CF488
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_071C34A827_2_071C34A8
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_0AEC56C027_2_0AEC56C0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_0AEC02A027_2_0AEC02A0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_0AEC0CA027_2_0AEC0CA0
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 27_2_0AEC0C9027_2_0AEC0C90
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: String function: 00402093 appears 50 times
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: String function: 00401E65 appears 34 times
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: String function: 00434E70 appears 54 times
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: String function: 00434801 appears 41 times
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1402968671.0000000000F2E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1410357000.00000000090B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1405920482.0000000004222000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exe, 00000000.00000000.1329328470.0000000000B46000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameOAEA.exeP vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1408739154.0000000005A90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exe, 00000000.00000002.1405177337.00000000030F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exeBinary or memory string: OriginalFilenameOAEA.exeP vs NEW ORDER- 4788467.exe
                    Source: NEW ORDER- 4788467.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                    Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                    Source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                    Source: NEW ORDER- 4788467.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: mWrixkEbVc.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: remcos.exe.7.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, cRG9NSKTYVO8Iu0lov.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, cRG9NSKTYVO8Iu0lov.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, cRG9NSKTYVO8Iu0lov.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, cRG9NSKTYVO8Iu0lov.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, cRG9NSKTYVO8Iu0lov.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, cRG9NSKTYVO8Iu0lov.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, KtR0BCbABwJt21J57Q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, KtR0BCbABwJt21J57Q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.rans.troj.spyw.expl.evad.winEXE@42/1046@0/1
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041798D GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,7_2_0041798D
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040F4AF GetModuleFileNameW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle,7_2_0040F4AF
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041B539 FindResourceA,LoadResource,LockResource,SizeofResource,7_2_0041B539
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041AADB OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,7_2_0041AADB
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile created: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5360:120:WilError_03
                    Source: C:\ProgramData\Remcos\remcos.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7524:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7600:120:WilError_03
                    Source: C:\ProgramData\Remcos\remcos.exeMutant created: \Sessions\1\BaseNamedObjects\irPbYjXQowNmWPlIYaEJtbliDti
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8060:120:WilError_03
                    Source: C:\ProgramData\Remcos\remcos.exeMutant created: \Sessions\1\BaseNamedObjects\Rmc-NJK093
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3236:120:WilError_03
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile created: C:\Users\user\AppData\Local\Temp\tmpC42D.tmpJump to behavior
                    Source: NEW ORDER- 4788467.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: NEW ORDER- 4788467.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: NEW ORDER- 4788467.exeReversingLabs: Detection: 68%
                    Source: NEW ORDER- 4788467.exeVirustotal: Detection: 43%
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile read: C:\Users\user\Desktop\NEW ORDER- 4788467.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\NEW ORDER- 4788467.exe "C:\Users\user\Desktop\NEW ORDER- 4788467.exe"
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Users\user\Desktop\NEW ORDER- 4788467.exe "C:\Users\user\Desktop\NEW ORDER- 4788467.exe"
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\mWrixkEbVc.exe C:\Users\user\AppData\Roaming\mWrixkEbVc.exe
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpD8DE.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: unknownProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp414.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: unknownProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp23E1.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: unknownProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp42D3.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Users\user\Desktop\NEW ORDER- 4788467.exe "C:\Users\user\Desktop\NEW ORDER- 4788467.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe" Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpD8DE.tmp"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp414.tmp"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp23E1.tmp"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp42D3.tmp"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: version.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: slc.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: winmm.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wininet.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iphlpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rstrtmgr.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ncrypt.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ntasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: uxtheme.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: mswsock.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windowscodecs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptsp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rsaenh.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptbase.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: mscoree.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: version.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: uxtheme.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.storage.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wldp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: profapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptsp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rsaenh.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptbase.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: dwrite.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: textshaping.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: amsi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: userenv.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: msasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: gpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windowscodecs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: propsys.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: edputil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wintypes.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: appresolver.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: bcp47langs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: slc.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sppc.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: winmm.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wininet.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iphlpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rstrtmgr.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ncrypt.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ntasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: mscoree.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: version.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: uxtheme.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.storage.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wldp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: profapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptsp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rsaenh.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptbase.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: dwrite.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: textshaping.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: amsi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: userenv.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: msasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: gpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windowscodecs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: propsys.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: edputil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wintypes.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: appresolver.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: bcp47langs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: slc.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sppc.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: winmm.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wininet.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iphlpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rstrtmgr.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ncrypt.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ntasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: mscoree.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: version.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: uxtheme.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.storage.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wldp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: profapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptsp.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rsaenh.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: cryptbase.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: dwrite.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: textshaping.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: amsi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: userenv.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: msasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: gpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windowscodecs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: propsys.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: edputil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wintypes.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: appresolver.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: bcp47langs.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: slc.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: sppc.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: winmm.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: urlmon.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: wininet.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iertutil.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: srvcli.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: netutils.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: iphlpapi.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: rstrtmgr.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ncrypt.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: ntasn1.dll
                    Source: C:\ProgramData\Remcos\remcos.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: NEW ORDER- 4788467.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: NEW ORDER- 4788467.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: NEW ORDER- 4788467.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: OAEA.pdbSHA256 source: NEW ORDER- 4788467.exe
                    Source: Binary string: OAEA.pdb source: NEW ORDER- 4788467.exe

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, cRG9NSKTYVO8Iu0lov.cs.Net Code: KivoRM9NsX System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, cRG9NSKTYVO8Iu0lov.cs.Net Code: KivoRM9NsX System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041CBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,7_2_0041CBE1
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00457186 push ecx; ret 7_2_00457199
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0045E55D push esi; ret 7_2_0045E566
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00457AA8 push eax; ret 7_2_00457AC6
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00434EB6 push ecx; ret 7_2_00434EC9
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_058C7CEB pushad ; retf 057Dh19_2_058C7CF5
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 19_2_058C1B98 pushad ; retf 19_2_058C1BA5
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05611C38 push ecx; retf 0001h23_2_05611C7A
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_056134A1 push edi; retf 0001h23_2_056134A2
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05613130 push esp; retf 0001h23_2_05613132
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_056131B8 push esi; retf 0001h23_2_056131BA
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05613049 push esp; retf 0001h23_2_0561304A
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05613091 push esp; retf 0001h23_2_05613092
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05614350 pushad ; retf 0001h23_2_05614352
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05614301 pushad ; retf 0001h23_2_05614302
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05613220 push esi; retf 0001h23_2_05613222
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_056142E1 pushad ; retf 0001h23_2_056142E2
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_056132D7 push esi; retf 0001h23_2_056132DA
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05611C78 push ecx; retf 0001h23_2_05611C7A
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0561A970 pushfd ; retf 0001h23_2_0561A972
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_0561A9D9 pushfd ; retf 0001h23_2_0561A9DA
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05611B30 push eax; retf 0001h23_2_05611B32
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05611BD1 push ecx; retf 0001h23_2_05611BD2
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05611BA4 pushad ; retf 23_2_05611BA5
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05612B90 push esp; retf 0001h23_2_05612B92
                    Source: C:\ProgramData\Remcos\remcos.exeCode function: 23_2_05611AB1 push eax; retf 0001h23_2_05611AB2
                    Source: NEW ORDER- 4788467.exeStatic PE information: section name: .text entropy: 7.969390195014117
                    Source: mWrixkEbVc.exe.0.drStatic PE information: section name: .text entropy: 7.969390195014117
                    Source: remcos.exe.7.drStatic PE information: section name: .text entropy: 7.969390195014117
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, JAbU7tFIl6k13aOnDx.csHigh entropy of concatenated method names: 'itoe4rc6de', 'DcWeibJPEO', 'EYkeb7T5Up', 'gkMeFeCjEV', 'DTRe8I6srl', 'rEjemiLVX5', 'MoUenr0yLt', 'xt6e5lMR7P', 'pMdeY0AntB', 'FDAeOn7a5O'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, HStQ7foYTf3BZP9BdV.csHigh entropy of concatenated method names: 'XEADvtR0BC', 'KBwDKJt21J', 'RIlDx6k13a', 'tnDDQxWx3B', 'a04D8GDyD4', 'qQaDmRQFmF', 'lYFb11EUbjWJvrCdsu', 'Ylso6Zn6LDqeU81MHq', 'o6dDDcfWfk', 'PGwDpNaAPO'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, H9oxqiDD1FX1lEKUu2Z.csHigh entropy of concatenated method names: 'U6AO0PWja5', 'swrOz36u8U', 'PNw1EJTuRA', 'pQt1DXDgAg', 'u4t1Xv4Eac', 'J9C1pSdYgO', 'aCD1oUp8Pk', 'cJ31gtyMoV', 'aIX1VJW2GM', 'Pmu1GdjvGY'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, HD45Qa2RQFmFcbFXGi.csHigh entropy of concatenated method names: 'PE0SglsVS4', 'x0WSGmjU4r', 'V19STifmPU', 'f7FSvWVV6n', 'sAISK5GVvU', 'ia5TacQwEb', 'NvUTBn91Li', 'QL1TWXjMIF', 'Yk5TsgZLU4', 'jYQTNP0GUq'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, pEnjUY6sVWkpFHyr5t.csHigh entropy of concatenated method names: 'U2DnxLGBq3', 'iyXnQotOOV', 'ToString', 'JpunV6xjxQ', 'K3CnGU9rZg', 'Lu5neGHZw1', 'MxFnTj3c1g', 'peXnS0PGNb', 'dgdnvKK4Ag', 'bIsnK5phY4'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, cRG9NSKTYVO8Iu0lov.csHigh entropy of concatenated method names: 'CdhpgmEojP', 'CXxpVUeIIr', 'Sl9pGtC09a', 'UyypenmLUb', 'TZZpTwZSNw', 'wGTpS5wOr1', 'QBEpvH3GbX', 'zKMpKkrpc3', 'jrTpZZ2CRD', 'kURpx5H9fN'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, iZfXHv02lmmWSS2l9B.csHigh entropy of concatenated method names: 'susOecW5As', 'SuHOT9AKXo', 'RPbOSSlgtR', 'BiMOv2kvrL', 'AuVOYeHdGV', 'gKHOK8Dy7q', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, MB7t9tPylQOK4AS7IP.csHigh entropy of concatenated method names: 'JKovflTpL9', 'GRdvIsSonr', 'vS3vReOGxm', 'bEIv4rLXWR', 'nyKvLSI6oR', 'YKLviUeJWy', 'tvnv3DLv84', 'L0NvbtIcm9', 'yrOvFcX4PG', 'TptvdlJSQY'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, ALc4HEt9dA7HXsqUwC.csHigh entropy of concatenated method names: 'rMT8WAu3Le', 'G7R8smpCHn', 'xWM8Nk6E1q', 'f2f80othHB', 'INXxKy5dk4wOWpQ3iAZ', 'Eb7FdV5puGea69k3JJL'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, VciM0fDE5kCgPfVSPRX.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MpmOMylOgl', 'vyYOUkcP1a', 'dTxO7hcMOD', 'emUOCJwdet', 'P6DOte2mla', 'zJROrLYQqE', 'G0fO62yyeU'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, D2dVEvz6m2VQlGILu0.csHigh entropy of concatenated method names: 'rubOiG457Q', 'yO7Obcs3D0', 'NDaOFy6VmM', 'xmqO2q51Vh', 'KBqOcOLtxD', 'TquO9s7T2F', 'Yl1OkPPAR9', 'ujlOlOI2vT', 'XlhOf3sJM4', 'o7qOIeDx21'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, nqWY9xWwT0dVA5Vj9G.csHigh entropy of concatenated method names: 'givY8qyifD', 'On0YnP9x6B', 'qwxYYwTYHb', 'uI3Y1U9SIo', 'qRoYw1LeGJ', 'hRGYljnRCc', 'Dispose', 'oIY5V1i9fb', 'z6i5GDdnNd', 'qM15eWqAjt'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, M1nSIEXrZbpCJbPAeg.csHigh entropy of concatenated method names: 'AFnRpoBaw', 'CIb4X3cAR', 'b00iIPriF', 'rTp3aty1G', 'ACVFpI0No', 'JxEd3INem', 'IN85aNJ417v4ZBPXAY', 'ciLOm12oC7yx30LV22', 'JXD5hy2UL', 'OobO83Xki'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, TF4fn07XJ8ZKTn0ByV.csHigh entropy of concatenated method names: 'bnBhbKSBEv', 'aL5hF2uO7u', 'h6sh243skp', 'Bm1hctmp2H', 'pLHh9WTkgK', 'e3ghkm1gyq', 'N1xhAsXILW', 'ypBhH7Ic5V', 'Y1PhJlkf8S', 'jaNhMf3EwT'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, nSEmJYN8KuHmdrirBd.csHigh entropy of concatenated method names: 'uZCY27aAgK', 'lV2YcVjEIB', 'ytGYyrShe1', 'NrUY9SxJ5d', 'NISYkgwBkI', 'lmUYu9DVwI', 'VLiYAXdPHe', 'FRDYHrgcQ0', 'jqGYPMBlyl', 'Ip0YJ3JkTh'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, WqTVEeGGrDvElc5l2B.csHigh entropy of concatenated method names: 'Dispose', 'YdVDNA5Vj9', 'hqlXcMKlQ2', 'pZv0yAvLAZ', 'fdbD0Gacei', 'fCvDzYPjl5', 'ProcessDialogKey', 'uthXESEmJY', 'oKuXDHmdri', 'TBdXXTZfXH'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, Wx3BWAdLtuS0bE04GD.csHigh entropy of concatenated method names: 'BlgTLimniv', 'ykoT3GkXCO', 'mSxeySwCj9', 'm2Ue91SWfL', 'vhJekdeICI', 'KL8euwRUI5', 'sU0eA5VymX', 'Ue3eHfcSd3', 'jDvePtX7HP', 'Hw9eJ911Gq'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, KtR0BCbABwJt21J57Q.csHigh entropy of concatenated method names: 'me3GCdnNke', 'SdfGt3Bx2W', 'cGfGrCDrSt', 'NaQG6Ud1fd', 'fTUGa50eQd', 'wXPGB79NZY', 'wPoGW0V8L0', 'zOiGsxVbs8', 'hqZGNnVl6f', 'WLxG08A2We'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, XQhhAtBODFb9yC5QBA.csHigh entropy of concatenated method names: 'o8qnsSC5YS', 'v2Nn0eCHaG', 'cea5EHAHnp', 'KQu5DOPGV3', 'GnjnMWdB3Y', 'Oi6nU7vbjo', 'TZen7IXItR', 'rvqnCAXlCP', 'ioGntTOKRl', 'EXynrSYLG7'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, GwBb6eA2YeIGG7vQPO.csHigh entropy of concatenated method names: 'fXevVPhIPi', 'HVqveYVH7J', 'gH7vSC04Ee', 'DfDS0IwCpb', 'XZOSzfZ8D8', 'esFvEcg8me', 'MqsvDFlDle', 'UaUvXk2MPw', 'MuTvpw1vEb', 'e5mvop3Gps'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, I1D79nDortinY6YPBJl.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MK6jYOFZ6a', 'At2jO7571f', 'dxNj1th7Yh', 'LSHjj3t2RF', 'SrijwVs1eb', 'WVJjqpACki', 'b73jlPxQcu'
                    Source: 0.2.NEW ORDER- 4788467.exe.90b0000.5.raw.unpack, BWbrhTeBIwBKliiRw9.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'US6XNg6SoT', 'rlIX09I9UV', 'WsRXzlWhRF', 'zVvpEO73Jm', 'xH4pD2A4Wd', 'sJBpXOVFDo', 'MkhppSFBHg', 'k7o3xiXd20ajRqxODC3'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, JAbU7tFIl6k13aOnDx.csHigh entropy of concatenated method names: 'itoe4rc6de', 'DcWeibJPEO', 'EYkeb7T5Up', 'gkMeFeCjEV', 'DTRe8I6srl', 'rEjemiLVX5', 'MoUenr0yLt', 'xt6e5lMR7P', 'pMdeY0AntB', 'FDAeOn7a5O'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, HStQ7foYTf3BZP9BdV.csHigh entropy of concatenated method names: 'XEADvtR0BC', 'KBwDKJt21J', 'RIlDx6k13a', 'tnDDQxWx3B', 'a04D8GDyD4', 'qQaDmRQFmF', 'lYFb11EUbjWJvrCdsu', 'Ylso6Zn6LDqeU81MHq', 'o6dDDcfWfk', 'PGwDpNaAPO'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, H9oxqiDD1FX1lEKUu2Z.csHigh entropy of concatenated method names: 'U6AO0PWja5', 'swrOz36u8U', 'PNw1EJTuRA', 'pQt1DXDgAg', 'u4t1Xv4Eac', 'J9C1pSdYgO', 'aCD1oUp8Pk', 'cJ31gtyMoV', 'aIX1VJW2GM', 'Pmu1GdjvGY'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, HD45Qa2RQFmFcbFXGi.csHigh entropy of concatenated method names: 'PE0SglsVS4', 'x0WSGmjU4r', 'V19STifmPU', 'f7FSvWVV6n', 'sAISK5GVvU', 'ia5TacQwEb', 'NvUTBn91Li', 'QL1TWXjMIF', 'Yk5TsgZLU4', 'jYQTNP0GUq'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, pEnjUY6sVWkpFHyr5t.csHigh entropy of concatenated method names: 'U2DnxLGBq3', 'iyXnQotOOV', 'ToString', 'JpunV6xjxQ', 'K3CnGU9rZg', 'Lu5neGHZw1', 'MxFnTj3c1g', 'peXnS0PGNb', 'dgdnvKK4Ag', 'bIsnK5phY4'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, cRG9NSKTYVO8Iu0lov.csHigh entropy of concatenated method names: 'CdhpgmEojP', 'CXxpVUeIIr', 'Sl9pGtC09a', 'UyypenmLUb', 'TZZpTwZSNw', 'wGTpS5wOr1', 'QBEpvH3GbX', 'zKMpKkrpc3', 'jrTpZZ2CRD', 'kURpx5H9fN'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, iZfXHv02lmmWSS2l9B.csHigh entropy of concatenated method names: 'susOecW5As', 'SuHOT9AKXo', 'RPbOSSlgtR', 'BiMOv2kvrL', 'AuVOYeHdGV', 'gKHOK8Dy7q', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, MB7t9tPylQOK4AS7IP.csHigh entropy of concatenated method names: 'JKovflTpL9', 'GRdvIsSonr', 'vS3vReOGxm', 'bEIv4rLXWR', 'nyKvLSI6oR', 'YKLviUeJWy', 'tvnv3DLv84', 'L0NvbtIcm9', 'yrOvFcX4PG', 'TptvdlJSQY'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, ALc4HEt9dA7HXsqUwC.csHigh entropy of concatenated method names: 'rMT8WAu3Le', 'G7R8smpCHn', 'xWM8Nk6E1q', 'f2f80othHB', 'INXxKy5dk4wOWpQ3iAZ', 'Eb7FdV5puGea69k3JJL'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, VciM0fDE5kCgPfVSPRX.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MpmOMylOgl', 'vyYOUkcP1a', 'dTxO7hcMOD', 'emUOCJwdet', 'P6DOte2mla', 'zJROrLYQqE', 'G0fO62yyeU'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, D2dVEvz6m2VQlGILu0.csHigh entropy of concatenated method names: 'rubOiG457Q', 'yO7Obcs3D0', 'NDaOFy6VmM', 'xmqO2q51Vh', 'KBqOcOLtxD', 'TquO9s7T2F', 'Yl1OkPPAR9', 'ujlOlOI2vT', 'XlhOf3sJM4', 'o7qOIeDx21'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, nqWY9xWwT0dVA5Vj9G.csHigh entropy of concatenated method names: 'givY8qyifD', 'On0YnP9x6B', 'qwxYYwTYHb', 'uI3Y1U9SIo', 'qRoYw1LeGJ', 'hRGYljnRCc', 'Dispose', 'oIY5V1i9fb', 'z6i5GDdnNd', 'qM15eWqAjt'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, M1nSIEXrZbpCJbPAeg.csHigh entropy of concatenated method names: 'AFnRpoBaw', 'CIb4X3cAR', 'b00iIPriF', 'rTp3aty1G', 'ACVFpI0No', 'JxEd3INem', 'IN85aNJ417v4ZBPXAY', 'ciLOm12oC7yx30LV22', 'JXD5hy2UL', 'OobO83Xki'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, TF4fn07XJ8ZKTn0ByV.csHigh entropy of concatenated method names: 'bnBhbKSBEv', 'aL5hF2uO7u', 'h6sh243skp', 'Bm1hctmp2H', 'pLHh9WTkgK', 'e3ghkm1gyq', 'N1xhAsXILW', 'ypBhH7Ic5V', 'Y1PhJlkf8S', 'jaNhMf3EwT'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, nSEmJYN8KuHmdrirBd.csHigh entropy of concatenated method names: 'uZCY27aAgK', 'lV2YcVjEIB', 'ytGYyrShe1', 'NrUY9SxJ5d', 'NISYkgwBkI', 'lmUYu9DVwI', 'VLiYAXdPHe', 'FRDYHrgcQ0', 'jqGYPMBlyl', 'Ip0YJ3JkTh'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, WqTVEeGGrDvElc5l2B.csHigh entropy of concatenated method names: 'Dispose', 'YdVDNA5Vj9', 'hqlXcMKlQ2', 'pZv0yAvLAZ', 'fdbD0Gacei', 'fCvDzYPjl5', 'ProcessDialogKey', 'uthXESEmJY', 'oKuXDHmdri', 'TBdXXTZfXH'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, Wx3BWAdLtuS0bE04GD.csHigh entropy of concatenated method names: 'BlgTLimniv', 'ykoT3GkXCO', 'mSxeySwCj9', 'm2Ue91SWfL', 'vhJekdeICI', 'KL8euwRUI5', 'sU0eA5VymX', 'Ue3eHfcSd3', 'jDvePtX7HP', 'Hw9eJ911Gq'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, KtR0BCbABwJt21J57Q.csHigh entropy of concatenated method names: 'me3GCdnNke', 'SdfGt3Bx2W', 'cGfGrCDrSt', 'NaQG6Ud1fd', 'fTUGa50eQd', 'wXPGB79NZY', 'wPoGW0V8L0', 'zOiGsxVbs8', 'hqZGNnVl6f', 'WLxG08A2We'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, XQhhAtBODFb9yC5QBA.csHigh entropy of concatenated method names: 'o8qnsSC5YS', 'v2Nn0eCHaG', 'cea5EHAHnp', 'KQu5DOPGV3', 'GnjnMWdB3Y', 'Oi6nU7vbjo', 'TZen7IXItR', 'rvqnCAXlCP', 'ioGntTOKRl', 'EXynrSYLG7'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, GwBb6eA2YeIGG7vQPO.csHigh entropy of concatenated method names: 'fXevVPhIPi', 'HVqveYVH7J', 'gH7vSC04Ee', 'DfDS0IwCpb', 'XZOSzfZ8D8', 'esFvEcg8me', 'MqsvDFlDle', 'UaUvXk2MPw', 'MuTvpw1vEb', 'e5mvop3Gps'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, I1D79nDortinY6YPBJl.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MK6jYOFZ6a', 'At2jO7571f', 'dxNj1th7Yh', 'LSHjj3t2RF', 'SrijwVs1eb', 'WVJjqpACki', 'b73jlPxQcu'
                    Source: 0.2.NEW ORDER- 4788467.exe.427f5e8.2.raw.unpack, BWbrhTeBIwBKliiRw9.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'US6XNg6SoT', 'rlIX09I9UV', 'WsRXzlWhRF', 'zVvpEO73Jm', 'xH4pD2A4Wd', 'sJBpXOVFDo', 'MkhppSFBHg', 'k7o3xiXd20ajRqxODC3'
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00406EEB ShellExecuteW,URLDownloadToFileW,7_2_00406EEB
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile created: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeJump to dropped file
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile created: C:\ProgramData\Remcos\remcos.exeJump to dropped file
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeFile created: C:\ProgramData\Remcos\remcos.exeJump to dropped file

                    Boot Survival

                    barindex
                    Creates autostart registry keys with suspicious names
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093Jump to behavior
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp"
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041AADB OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,7_2_0041AADB
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093Jump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041CBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,7_2_0041CBE1
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\ProgramData\Remcos\remcos.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7788, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: mWrixkEbVc.exe PID: 7820, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 1304, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7740, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 2072, type: MEMORYSTR
                    Delayed program exit found
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040F7E2 Sleep,ExitProcess,7_2_0040F7E2
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: 2EA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: 30F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: 2F00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: 9270000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: A270000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: A470000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: B470000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 3150000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 33B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 32C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 9150000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: A150000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: A340000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: B340000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: 13F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: 2EB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: 2CE0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: 8A60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: 9A60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: 9C50000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeMemory allocated: AC50000 memory reserve | memory write watchJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 1890000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 3440000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 31D0000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 9000000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: A000000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: A1F0000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: B1F0000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 1850000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 31E0000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 1A60000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 8C30000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 9C30000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 9E10000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: AE10000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 1290000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 2D30000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 1290000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 8900000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 9900000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: 9AF0000 memory reserve | memory write watch
                    Source: C:\ProgramData\Remcos\remcos.exeMemory allocated: AAF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,7_2_0041A7D9
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8676Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 890Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7036
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2560
                    Source: C:\ProgramData\Remcos\remcos.exeWindow / User API: threadDelayed 3627
                    Source: C:\ProgramData\Remcos\remcos.exeWindow / User API: threadDelayed 5514
                    Source: C:\ProgramData\Remcos\remcos.exeWindow / User API: foregroundWindowGot 1748
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeEvaded block: after key decisiongraph_7-47698
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeEvaded block: after key decisiongraph_7-47674
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeAPI coverage: 6.3 %
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exe TID: 7312Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7812Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 7808Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exe TID: 7844Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4872Thread sleep time: -5534023222112862s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 3868Thread sleep time: -30000s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 6072Thread sleep count: 32 > 30
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 6080Thread sleep count: 3627 > 30
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 6080Thread sleep time: -10881000s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 4152Thread sleep count: 176 > 30
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 4152Thread sleep time: -10560000s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 6080Thread sleep count: 5514 > 30
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 6080Thread sleep time: -16542000s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 1012Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 7512Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\ProgramData\Remcos\remcos.exe TID: 2024Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040928E __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,7_2_0040928E
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041C322 FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,7_2_0041C322
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040C388 FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,7_2_0040C388
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004096A0 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,7_2_004096A0
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00408847 __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,7_2_00408847
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00407877 FindFirstFileW,FindNextFileW,7_2_00407877
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0044E8F9 FindFirstFileExA,7_2_0044E8F9
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040BB6B FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,7_2_0040BB6B
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00419B86 FindFirstFileW,FindNextFileW,FindNextFileW,7_2_00419B86
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0040BD72 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,7_2_0040BD72
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00407CD2 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,7_2_00407CD2
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 60000
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477
                    Source: C:\ProgramData\Remcos\remcos.exeThread delayed: delay time: 922337203685477
                    Source: remcos.exe, 00000008.00000002.1455969387.00000000014A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\YM
                    Source: NEW ORDER- 4788467.exe, 00000007.00000002.1385949758.0000000000AF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: remcos.exe, 00000017.00000002.1675045806.00000000084E3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Ig
                    Source: remcos.exe, 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00434A8A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00434A8A
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041CBE1 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,7_2_0041CBE1
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00443355 mov eax, dword ptr fs:[00000030h]7_2_00443355
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_004120B2 GetProcessHeap,HeapFree,7_2_004120B2
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043503C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_0043503C
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00434A8A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00434A8A
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0043BB71 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_0043BB71
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00434BD8 SetUnhandledExceptionFilter,7_2_00434BD8
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMemory written: C:\Users\user\Desktop\NEW ORDER- 4788467.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory written: C:\ProgramData\Remcos\remcos.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMemory written: C:\ProgramData\Remcos\remcos.exe base: 400000 value starts with: 4D5A
                    Source: C:\ProgramData\Remcos\remcos.exeMemory written: C:\ProgramData\Remcos\remcos.exe base: 400000 value starts with: 4D5A
                    Source: C:\ProgramData\Remcos\remcos.exeMemory written: C:\ProgramData\Remcos\remcos.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe7_2_00412132
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00419662 mouse_event,7_2_00419662
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\Users\user\Desktop\NEW ORDER- 4788467.exe "C:\Users\user\Desktop\NEW ORDER- 4788467.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe" Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpD8DE.tmp"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp414.tmp"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp23E1.tmp"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp42D3.tmp"
                    Source: C:\ProgramData\Remcos\remcos.exeProcess created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\/
                    Source: remcos.exe, 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\l
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\,
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\k
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\+
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\f
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\e
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\%
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\^
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\_
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\\
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\[
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\W
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\T
                    Source: remcos.exe, 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [Program Manager]
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\S
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\P
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\I
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\H
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\B
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\=
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\?
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\:
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\y
                    Source: remcos.exe, 00000011.00000002.3791551409.00000000015C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager93\
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00434CB6 cpuid 7_2_00434CB6
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: EnumSystemLocalesW,7_2_0045201B
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: EnumSystemLocalesW,7_2_004520B6
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_00452143
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetLocaleInfoW,7_2_00452393
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: EnumSystemLocalesW,7_2_00448484
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_004524BC
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetLocaleInfoW,7_2_004525C3
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_00452690
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetLocaleInfoW,7_2_0044896D
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: GetLocaleInfoA,7_2_0040F90C
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,7_2_00451D58
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: EnumSystemLocalesW,7_2_00451FD0
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Users\user\Desktop\NEW ORDER- 4788467.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\ProgramData\Remcos\remcos.exe VolumeInformationJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeQueries volume information: C:\Users\user\AppData\Roaming\mWrixkEbVc.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\mWrixkEbVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\ProgramData\Remcos\remcos.exe VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\ProgramData\Remcos\remcos.exe VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\ProgramData\Remcos\remcos.exe VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\ProgramData\Remcos\remcos.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041A045 __EH_prolog,GdiplusStartup,CreateDirectoryW,Sleep,Sleep,GetLocalTime,Sleep,7_2_0041A045
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_0041B69E GetUserNameW,7_2_0041B69E
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: 7_2_00449210 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,7_2_00449210
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.1546311824.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001E.00000002.1706489344.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385949758.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.3792155314.0000000002FAF000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.1627153891.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 2220, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7548, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 1648, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7672, type: MEMORYSTR
                    Source: Yara matchFile source: C:\ProgramData\Remcos\logs.dat, type: DROPPED
                    Contains functionality to steal Chrome passwords or cookies
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: \AppData\Local\Google\Chrome\User Data\Default\Login Data7_2_0040BA4D
                    Contains functionality to steal Firefox passwords or cookies
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: \AppData\Roaming\Mozilla\Firefox\Profiles\7_2_0040BB6B
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: \key3.db7_2_0040BB6B

                    Remote Access Functionality

                    barindex
                    Detected Remcos RAT
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-NJK093Jump to behavior
                    Source: C:\ProgramData\Remcos\remcos.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-NJK093
                    Source: C:\ProgramData\Remcos\remcos.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-NJK093
                    Source: C:\ProgramData\Remcos\remcos.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-NJK093
                    Source: C:\ProgramData\Remcos\remcos.exeMutex created: \Sessions\1\BaseNamedObjects\Rmc-NJK093
                    Yara detected Remcos RAT
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 7.2.NEW ORDER- 4788467.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c7ed60.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.NEW ORDER- 4788467.exe.4c06140.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.1546311824.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001E.00000002.1706489344.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.1385949758.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000011.00000002.3792155314.0000000002FAF000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000001A.00000002.1627153891.0000000001197000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7288, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: NEW ORDER- 4788467.exe PID: 7700, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 2220, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7548, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 1648, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: remcos.exe PID: 7672, type: MEMORYSTR
                    Source: Yara matchFile source: C:\ProgramData\Remcos\logs.dat, type: DROPPED
                    Source: C:\Users\user\Desktop\NEW ORDER- 4788467.exeCode function: cmd.exe7_2_0040569A

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
                    Native API                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services11
                    Archive Collected Data                    		11
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts1
                    Command and Scripting Interpreter                    		1
                    Windows Service                    		1
                    Bypass User Account Control                    		1
                    Deobfuscate/Decode Files or Information                    		211
                    Input Capture                    		1
                    Account Discovery                    		Remote Desktop Protocol211
                    Input Capture                    		2
                    Encrypted Channel                    		Exfiltration Over Bluetooth1
                    Defacement
                    Email AddressesDNS ServerDomain Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		1
                    Access Token Manipulation                    		4
                    Obfuscated Files or Information                    		2
                    Credentials In Files                    		1
                    System Service Discovery                    		SMB/Windows Admin Shares3
                    Clipboard Data                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal Accounts2
                    Service Execution                    		11
                    Registry Run Keys / Startup Folder                    		1
                    Windows Service                    		12
                    Software Packing                    		NTDS3
                    File and Directory Discovery                    		Distributed Component Object ModelInput Capture1
                    Remote Access Software                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script122
                    Process Injection                    		1
                    DLL Side-Loading                    		LSA Secrets33
                    System Information Discovery                    		SSHKeylogging1
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                    Scheduled Task/Job                    		1
                    Bypass User Account Control                    		Cached Domain Credentials121
                    Security Software Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items11
                    Registry Run Keys / Startup Folder                    		1
                    Masquerading                    		DCSync31
                    Virtualization/Sandbox Evasion                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job31
                    Virtualization/Sandbox Evasion                    		Proc Filesystem3
                    Process Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                    Access Token Manipulation                    		/etc/passwd and /etc/shadow1
                    Application Window Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron122
                    Process Injection                    		Network Sniffing1
                    System Owner/User Discovery                    		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1559977 Sample: NEW ORDER- 4788467.exe Startdate: 21/11/2024 Architecture: WINDOWS Score: 100 83 Suricata IDS alerts for network traffic 2->83 85 Found malware configuration 2->85 87 Malicious sample detected (through community Yara rule) 2->87 89 21 other signatures 2->89 9 NEW ORDER- 4788467.exe 7 2->9         started        13 remcos.exe 2->13         started        15 remcos.exe 2->15         started        17 2 other processes 2->17 process3 file4 73 C:\Users\user\AppData\...\mWrixkEbVc.exe, PE32 9->73 dropped 75 C:\Users\...\mWrixkEbVc.exe:Zone.Identifier, ASCII 9->75 dropped 77 C:\Users\user\AppData\Local\...\tmpC42D.tmp, XML 9->77 dropped 79 C:\Users\user\...79EW ORDER- 4788467.exe.log, ASCII 9->79 dropped 111 Adds a directory exclusion to Windows Defender 9->111 113 Injects a PE file into a foreign processes 9->113 19 NEW ORDER- 4788467.exe 2 4 9->19         started        23 powershell.exe 23 9->23         started        25 schtasks.exe 1 9->25         started        27 remcos.exe 13->27         started        29 schtasks.exe 13->29         started        31 remcos.exe 15->31         started        33 schtasks.exe 15->33         started        115 Multi AV Scanner detection for dropped file 17->115 117 Machine Learning detection for dropped file 17->117 35 remcos.exe 17->35         started        37 schtasks.exe 17->37         started        signatures5 process6 file7 67 C:\ProgramData\Remcos\remcos.exe, PE32 19->67 dropped 69 C:\ProgramData\...\remcos.exe:Zone.Identifier, ASCII 19->69 dropped 91 Detected Remcos RAT 19->91 93 Creates autostart registry keys with suspicious names 19->93 39 remcos.exe 5 19->39         started        95 Loading BitLocker PowerShell Module 23->95 42 conhost.exe 23->42         started        44 conhost.exe 25->44         started        46 conhost.exe 29->46         started        48 conhost.exe 33->48         started        50 conhost.exe 37->50         started        signatures8 process9 signatures10 103 Multi AV Scanner detection for dropped file 39->103 105 Machine Learning detection for dropped file 39->105 107 Adds a directory exclusion to Windows Defender 39->107 109 Injects a PE file into a foreign processes 39->109 52 remcos.exe 39->52         started        57 powershell.exe 23 39->57         started        59 schtasks.exe 39->59         started        61 2 other processes 39->61 process11 dnsIp12 81 206.189.218.238, 2286, 3363, 3386 DIGITALOCEAN-ASNUS United States 52->81 71 C:\ProgramData\Remcos\logs.dat, data 52->71 dropped 97 Detected Remcos RAT 52->97 99 Installs a global keyboard hook 52->99 101 Loading BitLocker PowerShell Module 57->101 63 conhost.exe 57->63         started        65 conhost.exe 59->65         started        file13 signatures14 process15

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    NEW ORDER- 4788467.exe68%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                    NEW ORDER- 4788467.exe44%VirustotalBrowse
                    NEW ORDER- 4788467.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\mWrixkEbVc.exe100%Joe Sandbox ML
                    C:\ProgramData\Remcos\remcos.exe100%Joe Sandbox ML
                    C:\ProgramData\Remcos\remcos.exe68%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                    C:\ProgramData\Remcos\remcos.exe44%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\mWrixkEbVc.exe68%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                    C:\Users\user\AppData\Roaming\mWrixkEbVc.exe44%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    No Antivirus matches

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://geoplugin.net/json.gpNEW ORDER- 4788467.exefalse
                      		high
                      http://geoplugin.net/json.gp/CNEW ORDER- 4788467.exe, 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, NEW ORDER- 4788467.exe, 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameNEW ORDER- 4788467.exe, 00000000.00000002.1405177337.0000000003167000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 00000008.00000002.1457852593.0000000003427000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 00000013.00000002.1570075548.00000000034BA000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 00000017.00000002.1650806723.00000000032E9000.00000004.00000800.00020000.00000000.sdmp, remcos.exe, 0000001B.00000002.1731378452.0000000002E39000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://tempuri.org/project_mgtDataSet.xsdOproject_mgt_system.Properties.ResourcesNEW ORDER- 4788467.exefalse
                            		high

                            World Map of Contacted IPs

                            • No. of IPs < 25%
                            • 25% < No. of IPs < 50%
                            • 50% < No. of IPs < 75%
                            • 75% < No. of IPs

                            Public IPs

                            IPDomainCountryFlagASNASN NameMalicious
                            206.189.218.238
                            		unknownUnited States
                            		14061DIGITALOCEAN-ASNUStrue

                            General Information

                            Joe Sandbox version:41.0.0 Charoite
                            Analysis ID:1559977
                            Start date and time:2024-11-21 09:00:08 +01:00
                            Joe Sandbox product:CloudBasic
                            Overall analysis duration:0h 13m 4s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                            Number of analysed new started processes analysed:34
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Sample name:NEW ORDER- 4788467.exe
                            Detection:MAL
                            Classification:mal100.rans.troj.spyw.expl.evad.winEXE@42/1046@0/1
                            EGA Information:
                            • Successful, ratio: 87.5%
                            HCA Information:
                            • Successful, ratio: 97%
                            • Number of executed functions: 382
                            • Number of non-executed functions: 205
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Override analysis time to 240000 for current running targets taking high CPU consumption

                            Warnings

                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                            • Execution Graph export aborted for target remcos.exe, PID 2220 because there are no executed function
                            • Not all processes where analyzed, report is missing behavior information
                            • Report creation exceeded maximum time and may have missing disassembly code information.
                            • Report size exceeded maximum capacity and may have missing behavior information.
                            • Report size exceeded maximum capacity and may have missing disassembly code.
                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                            • Report size getting too big, too many NtCreateFile calls found.
                            • Report size getting too big, too many NtCreateKey calls found.
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.

                            Simulations

                            Behavior and APIs

                            TimeTypeDescription
                            03:00:58API Interceptor2x Sleep call for process: NEW ORDER- 4788467.exe modified
                            03:01:03API Interceptor28x Sleep call for process: powershell.exe modified
                            03:01:04API Interceptor4803392x Sleep call for process: remcos.exe modified
                            03:01:05API Interceptor2x Sleep call for process: mWrixkEbVc.exe modified
                            08:01:04Task SchedulerRun new task: mWrixkEbVc path: C:\Users\user\AppData\Roaming\mWrixkEbVc.exe
                            08:01:06AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093 "C:\ProgramData\Remcos\remcos.exe"
                            08:01:14AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093 "C:\ProgramData\Remcos\remcos.exe"
                            08:01:22AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Rmc-NJK093 "C:\ProgramData\Remcos\remcos.exe"

                            Joe Sandbox View / Context

                            IPs

                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                            206.189.218.2382va9zrsXLd.exeGet hashmaliciousRemcosBrowse

                              Domains

                              No context

                              ASNs

                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                              DIGITALOCEAN-ASNUSmipsel.elfGet hashmaliciousGafgytBrowse
                              • 139.59.211.214
                              https://msf-update.cloud/?rid=wDbmX0hGet hashmaliciousUnknownBrowse
                              • 162.243.5.136
                              https://floreslaherradura.com/?uid=a2FuZGVyc29uQGJxbGF3LmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                              • 167.71.91.68
                              https://pub-a652f10bc7cf485fb3baac4a6358c931.r2.dev/dreyflex.htmlGet hashmaliciousGabagoolBrowse
                              • 164.90.149.168
                              mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                              • 161.35.223.150
                              arm5.nn.elfGet hashmaliciousMirai, OkiruBrowse
                              • 95.85.30.215
                              dlr.arm7.elfGet hashmaliciousUnknownBrowse
                              • 138.197.188.56
                              dlr.mpsl.elfGet hashmaliciousUnknownBrowse
                              • 138.197.188.56
                              dlr.mips.elfGet hashmaliciousUnknownBrowse
                              • 138.197.188.56
                              dlr.arm6.elfGet hashmaliciousUnknownBrowse
                              • 138.197.188.56

                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\ProgramData\Remcos\logs.dat

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):466
                              Entropy (8bit):3.373098638976772
                              Encrypted:false
                              SSDEEP:12:6l7lsecTWFe5BWFe5BWItN25MMy4tN25MMl:67RcTWqBWqBWIt/My4t/Ml
                              MD5:492377334642944E81D94712D5D1357D
                              SHA1:A14DCC45DDA4EB4454EF2B9C44BD281F46B853D0
                              SHA-256:BDF3291DE8C0DDF2DF9862CB0A85E43A3B98708788AEF50AF4887538ED64DBBC
                              SHA-512:ADBBD4BA42F020EE9A66E756F63AEACEDAC124D11B5D4891F6576442A5689CC4CB3BD41AA4CE1EAF7DDF9F2010AEADEA348CB61F0AC5BC3A780E843FF055FD40
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\ProgramData\Remcos\logs.dat, Author: Joe Security
                              Preview:....[.2.0.2.4./.1.1./.2.1. .0.3.:.0.1.:.0.8. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].........{. .U.s.e.r. .h.a.s. .b.e.e.n. .i.d.l.e. .f.o.r. .0. .m.i.n.u.t.e.s. .}.........{. .U.s.e.r. .h.a.s. .b.e.e.n. .i.d.l.e. .f.o.r. .0. .m.i.n.u.t.e.s. .}.....

                              C:\ProgramData\Remcos\remcos.exe

                              Download File
                              Process:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):929792
                              Entropy (8bit):7.96424646745905
                              Encrypted:false
                              SSDEEP:24576:Nqho7Y33wd4D5N4UmVFruPkMKXbY31qKblvh:y1Hwd4FN4UoFqjKXboTp5
                              MD5:1CB86400147C835AF58017F0474C5BCC
                              SHA1:AC285CB623BF292341068DEAD954CFED9A1F8C81
                              SHA-256:C35B10FC350209EC356B48282D85B18D9B9AB5C0167DC88461297906602E3D61
                              SHA-512:CE74F39D092B13570F9387E5D43CED748DEA9557E8887FC072694A2CF448B2C4CF741DB3E76D551EBEF3511B906AE1CBE0FE670F8968E51D1441982EC73B9B0C
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 68%
                              • Antivirus: Virustotal, Detection: 44%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m<g..............0..$...........C... ...`....@.. ....................................@.................................CC..O....`..L...........................@"..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...L....`.......&..............@..@.reloc..............................@..B................wC......H........}...O......i.......8U...........................................0..$..........s......s.....s ......o!...&..+..*.0..)........s\....s.......o[...s......o".......+...*....0..+........s\....r...p.(#......o[...s......o$....+..*..0..0........s\....rC..p.r...p(%......o[...s......o$....+..*.0...........s\.......O...%.r...p.%...%.r...p.%...%.r...p.%....%.r!..p.%....%.r;..p.%.....%..rU..p.%.....%..ry..p.%....%..r...p.(&......o[...s.......o$...&r...p('...&......o(...('...&...*.

                              C:\ProgramData\Remcos\remcos.exe:Zone.Identifier

                              Download File
                              Process:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0

                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NEW ORDER- 4788467.exe.log

                              Download File
                              Process:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1216
                              Entropy (8bit):5.34331486778365
                              Encrypted:false
                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                              Malicious:true
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mWrixkEbVc.exe.log

                              Download File
                              Process:C:\Users\user\AppData\Roaming\mWrixkEbVc.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1216
                              Entropy (8bit):5.34331486778365
                              Encrypted:false
                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                              Malicious:false
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\remcos.exe.log

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1216
                              Entropy (8bit):5.34331486778365
                              Encrypted:false
                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                              Malicious:false
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):2232
                              Entropy (8bit):5.381368395106955
                              Encrypted:false
                              SSDEEP:48:JWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:JLHxvIIwLgZ2KRHWLOug8s
                              MD5:43DAE3660F7C1938F6DFE3228DF03A54
                              SHA1:5697F6C229D8190EE7481D12410F774E6BF0719A
                              SHA-256:EE5A817623D27B9B4F71F369E08423449E602700EBFBF3945791BB61079A909E
                              SHA-512:C8D66055C918516F12B0D62B707690B51680845F808131B419F4C949DE10DFB490AC5D57F32A965233CCA2D4D3AFCF5C512D2E62E7E699B41F4DED4DCDADAA1F
                              Malicious:false
                              Preview:@...e.................................:..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_032xajou.4ek.ps1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3csxqxrb.cvf.psm1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ej1s4uv.nj3.psm1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qew5erz2.l20.psm1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w4qbcv5c.40g.ps1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yiuuhtse.0ip.ps1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yjp2xbwz.r4t.ps1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zuf2yemt.hhp.psm1

                              Download File
                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\tmp23E1.tmp

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:XML 1.0 document, ASCII text
                              Category:dropped
                              Size (bytes):1569
                              Entropy (8bit):5.0857030316905485
                              Encrypted:false
                              SSDEEP:48:cge2oHr8YrFdOFzOzN33ODOiDdKrsuTew9v:HeLwYrFdOFzOz6dKrsuqK
                              MD5:D63D6A86F15F6FBA4CF6518A9ADD7EF2
                              SHA1:A5B4B2CA438102F0A656C817FF36859FFEFAC90B
                              SHA-256:73A6BDD7C0BDCEDE926C64BD2B0090BB0B7C7E29238F77532BFE891AF7B18318
                              SHA-512:F214B6ED0977E7DC6E78F93C2C3B82F9E39B426FFA5CF2A982F078DFD15ED49D3C0CD5B560D05C9E3A6BFA24B8403E285D5B6D99DBC30C8C4F10A8D15C332AB8
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                              C:\Users\user\AppData\Local\Temp\tmp414.tmp

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:XML 1.0 document, ASCII text
                              Category:dropped
                              Size (bytes):1569
                              Entropy (8bit):5.0857030316905485
                              Encrypted:false
                              SSDEEP:48:cge2oHr8YrFdOFzOzN33ODOiDdKrsuTew9v:HeLwYrFdOFzOz6dKrsuqK
                              MD5:D63D6A86F15F6FBA4CF6518A9ADD7EF2
                              SHA1:A5B4B2CA438102F0A656C817FF36859FFEFAC90B
                              SHA-256:73A6BDD7C0BDCEDE926C64BD2B0090BB0B7C7E29238F77532BFE891AF7B18318
                              SHA-512:F214B6ED0977E7DC6E78F93C2C3B82F9E39B426FFA5CF2A982F078DFD15ED49D3C0CD5B560D05C9E3A6BFA24B8403E285D5B6D99DBC30C8C4F10A8D15C332AB8
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                              C:\Users\user\AppData\Local\Temp\tmp42D3.tmp

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:XML 1.0 document, ASCII text
                              Category:dropped
                              Size (bytes):1569
                              Entropy (8bit):5.0857030316905485
                              Encrypted:false
                              SSDEEP:48:cge2oHr8YrFdOFzOzN33ODOiDdKrsuTew9v:HeLwYrFdOFzOz6dKrsuqK
                              MD5:D63D6A86F15F6FBA4CF6518A9ADD7EF2
                              SHA1:A5B4B2CA438102F0A656C817FF36859FFEFAC90B
                              SHA-256:73A6BDD7C0BDCEDE926C64BD2B0090BB0B7C7E29238F77532BFE891AF7B18318
                              SHA-512:F214B6ED0977E7DC6E78F93C2C3B82F9E39B426FFA5CF2A982F078DFD15ED49D3C0CD5B560D05C9E3A6BFA24B8403E285D5B6D99DBC30C8C4F10A8D15C332AB8
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                              C:\Users\user\AppData\Local\Temp\tmpC42D.tmp

                              Download File
                              Process:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              File Type:XML 1.0 document, ASCII text
                              Category:dropped
                              Size (bytes):1569
                              Entropy (8bit):5.0857030316905485
                              Encrypted:false
                              SSDEEP:48:cge2oHr8YrFdOFzOzN33ODOiDdKrsuTew9v:HeLwYrFdOFzOz6dKrsuqK
                              MD5:D63D6A86F15F6FBA4CF6518A9ADD7EF2
                              SHA1:A5B4B2CA438102F0A656C817FF36859FFEFAC90B
                              SHA-256:73A6BDD7C0BDCEDE926C64BD2B0090BB0B7C7E29238F77532BFE891AF7B18318
                              SHA-512:F214B6ED0977E7DC6E78F93C2C3B82F9E39B426FFA5CF2A982F078DFD15ED49D3C0CD5B560D05C9E3A6BFA24B8403E285D5B6D99DBC30C8C4F10A8D15C332AB8
                              Malicious:true
                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                              C:\Users\user\AppData\Local\Temp\tmpD8DE.tmp

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:XML 1.0 document, ASCII text
                              Category:dropped
                              Size (bytes):1569
                              Entropy (8bit):5.0857030316905485
                              Encrypted:false
                              SSDEEP:48:cge2oHr8YrFdOFzOzN33ODOiDdKrsuTew9v:HeLwYrFdOFzOz6dKrsuqK
                              MD5:D63D6A86F15F6FBA4CF6518A9ADD7EF2
                              SHA1:A5B4B2CA438102F0A656C817FF36859FFEFAC90B
                              SHA-256:73A6BDD7C0BDCEDE926C64BD2B0090BB0B7C7E29238F77532BFE891AF7B18318
                              SHA-512:F214B6ED0977E7DC6E78F93C2C3B82F9E39B426FFA5CF2A982F078DFD15ED49D3C0CD5B560D05C9E3A6BFA24B8403E285D5B6D99DBC30C8C4F10A8D15C332AB8
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030108.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151610
                              Entropy (8bit):7.913890566238969
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vZXKQklb:6QzDUjVXJ5WoOPxV6
                              MD5:7C2C121FB1091B916C82F222507C9DED
                              SHA1:1B97173C564B8128B0630EA25A76634E32D03A10
                              SHA-256:1AFC92B28C9B6D1D014F71E70BDBA5E3C929AD1C53C53AC0AC18BE2C8D406115
                              SHA-512:820CE81F62AE0D5110E9A4BEEF90F98F26D6365126B95A960E5A668660B2457E3D34C3B42573CC8EEF5851697480640B33A888AC761180E4E06FA5B80412423E
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030208.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151610
                              Entropy (8bit):7.913890566238969
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vZXKQklb:6QzDUjVXJ5WoOPxV6
                              MD5:7C2C121FB1091B916C82F222507C9DED
                              SHA1:1B97173C564B8128B0630EA25A76634E32D03A10
                              SHA-256:1AFC92B28C9B6D1D014F71E70BDBA5E3C929AD1C53C53AC0AC18BE2C8D406115
                              SHA-512:820CE81F62AE0D5110E9A4BEEF90F98F26D6365126B95A960E5A668660B2457E3D34C3B42573CC8EEF5851697480640B33A888AC761180E4E06FA5B80412423E
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030309.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151610
                              Entropy (8bit):7.913890566238969
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vZXKQklb:6QzDUjVXJ5WoOPxV6
                              MD5:7C2C121FB1091B916C82F222507C9DED
                              SHA1:1B97173C564B8128B0630EA25A76634E32D03A10
                              SHA-256:1AFC92B28C9B6D1D014F71E70BDBA5E3C929AD1C53C53AC0AC18BE2C8D406115
                              SHA-512:820CE81F62AE0D5110E9A4BEEF90F98F26D6365126B95A960E5A668660B2457E3D34C3B42573CC8EEF5851697480640B33A888AC761180E4E06FA5B80412423E
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030409.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151683
                              Entropy (8bit):7.91525045583262
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0o2mpc:6QzDUjVXJ5WoOtBe
                              MD5:6BFBDEB4B8DA59072DE17E0FD8D3A6DD
                              SHA1:FAD13E33A1649C820C5103E2A869F201FF201A0D
                              SHA-256:86B609C739EDAF5FFE98C45720F9C55923C99A8B648A35465F6254ACD9DDD265
                              SHA-512:57C0665ADA351F393C2F5FFA7FCF9247C532718AEF5D99D16A835E866BCF1F26409831B42B3CD40F227DA989250890E73D202564A09118FD736257ECB1D0DE03
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030509.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151683
                              Entropy (8bit):7.91525045583262
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0o2mpc:6QzDUjVXJ5WoOtBe
                              MD5:6BFBDEB4B8DA59072DE17E0FD8D3A6DD
                              SHA1:FAD13E33A1649C820C5103E2A869F201FF201A0D
                              SHA-256:86B609C739EDAF5FFE98C45720F9C55923C99A8B648A35465F6254ACD9DDD265
                              SHA-512:57C0665ADA351F393C2F5FFA7FCF9247C532718AEF5D99D16A835E866BCF1F26409831B42B3CD40F227DA989250890E73D202564A09118FD736257ECB1D0DE03
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030609.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151683
                              Entropy (8bit):7.91525045583262
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0o2mpc:6QzDUjVXJ5WoOtBe
                              MD5:6BFBDEB4B8DA59072DE17E0FD8D3A6DD
                              SHA1:FAD13E33A1649C820C5103E2A869F201FF201A0D
                              SHA-256:86B609C739EDAF5FFE98C45720F9C55923C99A8B648A35465F6254ACD9DDD265
                              SHA-512:57C0665ADA351F393C2F5FFA7FCF9247C532718AEF5D99D16A835E866BCF1F26409831B42B3CD40F227DA989250890E73D202564A09118FD736257ECB1D0DE03
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030709.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151610
                              Entropy (8bit):7.913890566238969
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vZXKQklb:6QzDUjVXJ5WoOPxV6
                              MD5:7C2C121FB1091B916C82F222507C9DED
                              SHA1:1B97173C564B8128B0630EA25A76634E32D03A10
                              SHA-256:1AFC92B28C9B6D1D014F71E70BDBA5E3C929AD1C53C53AC0AC18BE2C8D406115
                              SHA-512:820CE81F62AE0D5110E9A4BEEF90F98F26D6365126B95A960E5A668660B2457E3D34C3B42573CC8EEF5851697480640B33A888AC761180E4E06FA5B80412423E
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030809.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151610
                              Entropy (8bit):7.913890566238969
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vZXKQklb:6QzDUjVXJ5WoOPxV6
                              MD5:7C2C121FB1091B916C82F222507C9DED
                              SHA1:1B97173C564B8128B0630EA25A76634E32D03A10
                              SHA-256:1AFC92B28C9B6D1D014F71E70BDBA5E3C929AD1C53C53AC0AC18BE2C8D406115
                              SHA-512:820CE81F62AE0D5110E9A4BEEF90F98F26D6365126B95A960E5A668660B2457E3D34C3B42573CC8EEF5851697480640B33A888AC761180E4E06FA5B80412423E
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_030909.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152078
                              Entropy (8bit):7.912530115857564
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgfdVvI5oUsyM6VU/mvpQA+klb:6QzDUjVXg4oUsyM6lpQ6
                              MD5:C01718385D3C9F2B3F013DD0FE24D91E
                              SHA1:6D3A6F35CA090BBDAE85879E8602806A1BD33A1E
                              SHA-256:A022FCA583F61FC7B9D6696405EAE51F9DFA95F6DE9293AD497FEBA3E11395DA
                              SHA-512:674FFB7CED89765DB58EFCA989E4F221CF74BF23D645576639414EA9095BADA23455A9ABC53FC14ED8D7665D212426FEB5010BBBD6939F92B6BC9C39481EBECA
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031009.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151974
                              Entropy (8bit):7.914523901805331
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1AxhEK+f9tgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUhQf9J5WoOtNx
                              MD5:B6154A40041B53AC097BBBEB4DC0D828
                              SHA1:B94ED317B3F2DCD887B9B233F1ACD62DA536653B
                              SHA-256:9BE7D704602B7385F9B47463C150DAD107684008F487D2857FAC2B2BB8A38870
                              SHA-512:A1E2B6019AD038E42943255A476890958E5CA450F6A447275DA572268DBA0BDDF26E9C0A1B636E8715639265F988AD605F8B21B79B049A0210031692B8354EA2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031110.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031210.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031310.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031410.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031510.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154222
                              Entropy (8bit):7.9162354425944095
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4xqP0oXx:6QzDUjVXJ5WoODSx
                              MD5:CBC92818A09E15863B3A2A9E978BA913
                              SHA1:57DA9CFBDD28031A95FE2A4652D56D907E9052BC
                              SHA-256:654FB3E75D7D2CAFADCD35726BA6134EA1757E2A50D5FBD4AE1BFE4A5E92F74E
                              SHA-512:329A56FE2718A5AEFED619CA3839BFB97F169812D140DE13D0458A3E07E04845D8974434E3EF937FB9A05FFAA11B0C354544C6ED61DDD3A3F37F38323C7B7F81
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031610.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154222
                              Entropy (8bit):7.9162354425944095
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4xqP0oXx:6QzDUjVXJ5WoODSx
                              MD5:CBC92818A09E15863B3A2A9E978BA913
                              SHA1:57DA9CFBDD28031A95FE2A4652D56D907E9052BC
                              SHA-256:654FB3E75D7D2CAFADCD35726BA6134EA1757E2A50D5FBD4AE1BFE4A5E92F74E
                              SHA-512:329A56FE2718A5AEFED619CA3839BFB97F169812D140DE13D0458A3E07E04845D8974434E3EF937FB9A05FFAA11B0C354544C6ED61DDD3A3F37F38323C7B7F81
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031710.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154222
                              Entropy (8bit):7.9162354425944095
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4xqP0oXx:6QzDUjVXJ5WoODSx
                              MD5:CBC92818A09E15863B3A2A9E978BA913
                              SHA1:57DA9CFBDD28031A95FE2A4652D56D907E9052BC
                              SHA-256:654FB3E75D7D2CAFADCD35726BA6134EA1757E2A50D5FBD4AE1BFE4A5E92F74E
                              SHA-512:329A56FE2718A5AEFED619CA3839BFB97F169812D140DE13D0458A3E07E04845D8974434E3EF937FB9A05FFAA11B0C354544C6ED61DDD3A3F37F38323C7B7F81
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031810.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154134
                              Entropy (8bit):7.916504942354431
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4UXVp1vvpQA+klb:6QzDUjVXJ5WoOUjpQ6
                              MD5:656C57933393BC399AFEB0CC417F16FD
                              SHA1:FA40EE318949564C18D1E81CF5DCD4FD28286D85
                              SHA-256:9E83D769BB95A143CEB72D4A31C226520AF90D7F3B71EFC58904DB8B460B7E79
                              SHA-512:5E141782590267A2C1B273C62908C8FFF6547F22CB84DC140B7D83A876F271DA9949E1D6D9D238EFE9BDFD75DF94C524CDC16E85B962E12742372DFF650527F8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_031910.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):159505
                              Entropy (8bit):7.914760600104103
                              Encrypted:false
                              SSDEEP:3072:GBbiPD1oVcAuQ1IlajnZxih5QezuKpv0k+/5V7xrVSUKSA8lb:gbeR+zuLsjZMtuq4v7rSU/
                              MD5:40C5665DD0069D66A53478FE39EC308E
                              SHA1:8BEB12CCCED627522A5CAFD5168318D90C4E9A72
                              SHA-256:9AA239DB7245C9EE69568D4ECC0523DB0B939528DFD5462AD4B868F715E945DB
                              SHA-512:D7DEF71FDDDC4268F871CB981A0500DE937B32965541DE6F9240DBBB8F5036DE006C438813E6FFC1F079D2E3DA3F6B7236F6C30134B71C5EDA9C4662B803A572
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032010.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):160871
                              Entropy (8bit):7.913476595579357
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpdUUK1ne0i/jPpQpmJ:++yjvM1nSrCBwjvCnene0UjPpvJ
                              MD5:FBC3473302D3DA839315DDD9EEAA9957
                              SHA1:6D60812BB1017EE63EFF5CF79964DBD6C41C3B27
                              SHA-256:2B5766A0B211344B144F890412AB807E40A22C68FD2DE7FBBA9CF0BD39C1D589
                              SHA-512:4054F2A609B161654CF9645E8297D5D8C1EDD79E34F5B98A7CD33C545239E1D3AB0123915F2782A39BE80A78C62A6F8AEA88C65A5A26F2BEB6495726F5D92E20
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032111.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):160871
                              Entropy (8bit):7.913476595579357
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpdUUK1ne0i/jPpQpmJ:++yjvM1nSrCBwjvCnene0UjPpvJ
                              MD5:FBC3473302D3DA839315DDD9EEAA9957
                              SHA1:6D60812BB1017EE63EFF5CF79964DBD6C41C3B27
                              SHA-256:2B5766A0B211344B144F890412AB807E40A22C68FD2DE7FBBA9CF0BD39C1D589
                              SHA-512:4054F2A609B161654CF9645E8297D5D8C1EDD79E34F5B98A7CD33C545239E1D3AB0123915F2782A39BE80A78C62A6F8AEA88C65A5A26F2BEB6495726F5D92E20
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032211.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032311.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032411.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032511.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032611.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032711.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032811.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_032911.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152843
                              Entropy (8bit):7.919563707842703
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6opbfwt8mlmojA:6QzDUjVXJ5Wohfdoc
                              MD5:6D5F90B632EB30AC9CD1BEB0DF81985B
                              SHA1:1E487E180FEC686BC91814AC89656BCD0477A031
                              SHA-256:25DD4B73C2EA24D97FC44F6766D72B2275A20BD21CE1FC2A6ACA6C1A49A64ACE
                              SHA-512:A50AA76C3CF13BEF0A916F53CF4D78E053A3059E5ED969C19D9AC705E73CDED7851B1C53795894875DB37DF60E19C04C893F1127FF9E517D83853C39FB8ABCC6
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033012.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153497
                              Entropy (8bit):7.92082517033253
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6XrCSUiFzOV9db:6QzDUjVXJ5WXr0YIzb
                              MD5:E6246BB06EC6AA8542C2DE0F0140369C
                              SHA1:EB569A97857588B8FEEC4D2CD3D68DBA59FA96B8
                              SHA-256:FD42779F1B92E71C14F6596D6A555605CC107DB5F17BFC0D8C64F7BFCD5D84C0
                              SHA-512:4FD11724186D8190F009E7F928EA84875C53F38A24DBC0943915400C06CB53FE48FD95AD457BFAA229536353743FC63951D984965FCF676EA7F1A90D55E1B142
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033112.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151655
                              Entropy (8bit):7.914462013256662
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOEfyd6Vp1vvpQA+klb:6QzDUjVXJ5WoOEfZjpQ6
                              MD5:DC349DF4690BA8B63ED5AB9D227D4C3D
                              SHA1:D00BDC470DB1F5AE3A3538881325C1E04C709A0A
                              SHA-256:8E2C255BF58071C05247B67A28AB1E18E5778AF6D11F82FCC773A73C508C923E
                              SHA-512:40301428D973CC7D66C394FB094BB7B168767E816C6FE0487B9C67465CFF83F6F7B8F06526448B5E2A498874F668C425D54929D0508252C1649F3B9AD01430CC
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033212.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151742
                              Entropy (8bit):7.914952609377357
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+Dr/bc4FR:6QzDUjVXJ5WoOtHomR
                              MD5:089FECC977C2DEE6613C3ABBEEF37D72
                              SHA1:52BAC0043A522A424E66C603CA99E8AA77C74264
                              SHA-256:AB7802FDCC96369CD076F2261D6DA37166DCEA24C655D815915CA0899644AEF7
                              SHA-512:7F7ECA121B194D2082950D18F9E985D5D011102B85BD61BAD530BFD70ECDBF469F8030FC3BBCF5B42BD034DBEA2E5F2601A6FB705F1E880ADE80D2702F39673D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033312.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151737
                              Entropy (8bit):7.913489742427787
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVpuciS4m:6QzDUjVXJ5WoOPx+C
                              MD5:747C28018400EFB99E083177F73C6766
                              SHA1:28638AC0E383CC2CB9952796A61E03838BE9EDA8
                              SHA-256:114A44943D2E2164754E71D97E500A682D84FAC0A7028B1404AB549A6D8A42F3
                              SHA-512:B9C597E54EA735B83D3F0228B4979A64F1E477ECB04FD496E8FDC5608416479CE5DDA6D74347DD0C0230C78E81613DA896956CEC0344CC55071BAD4DBE3C0683
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033412.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033512.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033613.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033713.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033813.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_033913.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034013.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034113.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034213.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034313.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034413.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034513.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034614.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034714.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034814.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_034914.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035014.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151482
                              Entropy (8bit):7.913807642874633
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4VDVp1vvpQA+klb:6QzDUjVXJ5WoOPxjpQ6
                              MD5:16A6EA07A38A1A4C3166BA6ECEDC5AB0
                              SHA1:044506CC408652BD4F35C44E9891CFAA191EF32C
                              SHA-256:8EF969C1ECEB5DEB5F2869904A39B6DC7C9191E57DF6DC5C448499B6F11F7E52
                              SHA-512:2646C62D15839F046601170DD95DB7A7EF979303E1D00B531A3AF7A350C9AC69D5EE3E40A60B3ED1AF56D470C08AD39AA7F90D1B534FCA724215BA5600BE15DB
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035114.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035214.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151531
                              Entropy (8bit):7.915325702032496
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4W+b0oXx:6QzDUjVXJ5WoOtNx
                              MD5:F31443E17ACED5565976490760242509
                              SHA1:2086952216BE52B0F68993BCB8E21AE76197A4BC
                              SHA-256:E3DF56DEEDC08039557F76FBE2028CC6312583C508154B31EB960675E423F36D
                              SHA-512:142DE877C0CFB4FA1A9518435AD6A62DCF2053F877C6B8D26231C13F7BFA19AA574A540B624C4B4158A74A170A322029BC07C6A6DF998E9BF44A7C68A35BAD70
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035314.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154222
                              Entropy (8bit):7.9162354425944095
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6oOq4xqP0oXx:6QzDUjVXJ5WoODSx
                              MD5:CBC92818A09E15863B3A2A9E978BA913
                              SHA1:57DA9CFBDD28031A95FE2A4652D56D907E9052BC
                              SHA-256:654FB3E75D7D2CAFADCD35726BA6134EA1757E2A50D5FBD4AE1BFE4A5E92F74E
                              SHA-512:329A56FE2718A5AEFED619CA3839BFB97F169812D140DE13D0458A3E07E04845D8974434E3EF937FB9A05FFAA11B0C354544C6ED61DDD3A3F37F38323C7B7F81
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035414.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):158576
                              Entropy (8bit):7.91546207064306
                              Encrypted:false
                              SSDEEP:3072:GA9KOD5LRuBswId9Ib+OPp55VpbvECcxhRZEIDsog5NeH2xHdfvlmoY:P9KOD2Boi+Ap5BcDROIA3ZEoY
                              MD5:9DC3BCDA5C72B701257B2962E52C5A64
                              SHA1:F7A9567AC73CD8C2F2474E52D377A204CB4D298E
                              SHA-256:8A1C47F1BFB259629A25398447D8E19D8E331C3FF9A2B4FC40B47204D619CDD2
                              SHA-512:127916850299FE7479B610BB368AA423E7B9A6D86571C6F472953AC86AE8248ECD672D8B079B580FE91EBDB2E67DF3B0ECF9A454D70B1A32987BEC8B3D065D11
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035514.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):160716
                              Entropy (8bit):7.911170896609219
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+/5V7SbcW6LqjDUA:WI5+LsjZMtuq4v7+Sg3
                              MD5:E9F2405E8BC1922FF2C85D37CB276BFA
                              SHA1:00F102742D087B062DC39D6C0BEE2265CCE6FD8A
                              SHA-256:725A0005D8BB3D99A1D8C32F3B9BB4E8BAC5F9426A12DC1D89A4B316387011C3
                              SHA-512:FB20E7C3EDE8B817DD84ED0A1483AB38DFB52AD682B286C50A3D4C690493A2C5099F63454BD4EBE94FC4DFD1C8790F3D4C854DEDD6EF7FCA5DDE32DE2A1FB894
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035615.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035715.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035815.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_035915.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040015.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040115.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040215.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040315.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040415.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040515.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040616.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040716.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152641
                              Entropy (8bit):7.9199167781812125
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj61HfsGqYu5nQq:6QzDUjVXJ5WhfrqTQq
                              MD5:066FABBFEEDD820781C25C072B84A602
                              SHA1:F64DF88F4B4F39F7358D6163E7349773C77531AF
                              SHA-256:6BDED77CAFAA9610A118E5F4AFF3E465BDC2620F1443A7C970DB4D2904E6F09D
                              SHA-512:5731CA9DA3A1F8FC2296EB4E3AB5A9BD4D85E46BDFC20BD88A962A8D9E8207965739C4AD895917FBAA1AD5857B0FCADB74B6A5456690C36325FEAF1C98FC1BF2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040816.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153277
                              Entropy (8bit):7.918172453511895
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6opbfwtCq5knI:6QzDUjVXJ5WohfLqSnI
                              MD5:58EDA743DA11727C185678110424737D
                              SHA1:3AB6763986145E8296C3E8AEB033A80609894BFB
                              SHA-256:1ED9F9FCDF90E08FEB9E7F96A5846949E3695832E7F4B8E853437D32980F4FC3
                              SHA-512:8FA089209F7F351BE5C64FF07A0A5B207D61D018FB1A5BD8C27E884ECE1AC27BBB6B26F1B88E1EA1A2F354AF53414BDFEF3E403F2F00AE4B379B2C9A694786CD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_040916.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):155327
                              Entropy (8bit):7.9153444499911885
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6xqC2t6EVrOjrlEmbkmoIB:6QzDUjVXJ5WxX2f0Db5T
                              MD5:22A6ED940A1DB05EF7D66B9F214632D8
                              SHA1:9A6D273D9274D9F91D923953377A8AC54715116F
                              SHA-256:BDA5404B11AC8A7D6B5559829A26DA7DD25FE364D92A87D0E6F06BB4C7E7F6B4
                              SHA-512:D49F22EB88371F48C8D76D2094D6ADCDE34AB7C54863249C2EB0E59B767CDBB02EAB18A97308DCBF7C6A7BA4DEF7B0BD6B583EADC3483701B5ACAD019B5F3894
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_054626.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_054726.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_054826.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_054926.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055026.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055126.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055227.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055327.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055427.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055527.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055627.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055727.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055827.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_055927.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060027.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060127.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153442
                              Entropy (8bit):7.928089090760003
                              Encrypted:false
                              SSDEEP:3072:GLbdACg3rjnyLeoja8MA6/RpSrCysbwj/vCpd+n6q6WEoiwjlb:M23r7yLeojvM1nSrCBwjvCnvc1
                              MD5:20AB6816CC0FD9866049D45AA72CD50D
                              SHA1:E1F4CB4CD7360BA4192957AFC73792CB3BED1F6A
                              SHA-256:DFB48C18E57752ED30EDC05610910B589AF15DA4D11DCE8967FCB49AA76FD775
                              SHA-512:026781D2C3D9E49074D9637E63E6950BD5518A3287E82C21585DC8FB4757456FD932E7B357D910D8E6E2D9FEF4B2DF819D768F3CECD6E51D91D88CD8C627E590
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060227.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.92608467809162
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoiwjlb:++yjvM1nSrCBwjvCnvc1
                              MD5:308E469BED2E058BA1CDE3A59DD4040C
                              SHA1:56788449F0D4475211662CA3A96D107562065C0E
                              SHA-256:849A844FB37CCF291A133D0F1979D019F5A774216F08D2FF9A518851C1D21C10
                              SHA-512:2D570810252E26F466BA3890F53B0F79183D6DB5614C80E1DE07F4A2377311BE02B4B75B0860B13D9624EA618AE2AF7ABEB07CDA4164D49E4A722A587F111BB6
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060328.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060428.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060528.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060628.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060728.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060828.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_060928.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061028.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061128.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061229.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061329.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061429.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061529.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061629.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061729.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061830.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_061930.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062030.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062130.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062230.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062330.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062430.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062530.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062631.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062731.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062831.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_062932.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063032.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063132.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063232.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063332.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063432.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153061
                              Entropy (8bit):7.928015560247175
                              Encrypted:false
                              SSDEEP:3072:G7y8mKKR6D1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:4y8DUjVXJ5WwtTCExp
                              MD5:02FE77A7D0C1EF2672AA401D8A529BB3
                              SHA1:FA08166D57B0275F438BA9C38D62D244CBE38936
                              SHA-256:0BE5F19C26C98AD12B5F6DB5160955FE173026DBF13718D05001101915F11650
                              SHA-512:03AF38E65FBDD6494219FEF266537A77BE4CD9115D6241B29D6C57B69FCD21369B786BAC9272056845C8F8514E166CCF5C48B08ACD9DDD4AB9B2B7E1770A9633
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063533.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154377
                              Entropy (8bit):7.924542095160154
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWpQqB:WI5+LsjZMtuq4ghRp5
                              MD5:B62D9FB68B5724F0D85BD9F496D46E7C
                              SHA1:252A2875181009C1193F98B7629AA4AC9F1C7688
                              SHA-256:FD2CB4924728C06BB4E0D3BCC2A92325B031FC2FA0433FD29A9ACDDB6FEC6E4F
                              SHA-512:44F1F1F3001B9FDC4C779BBF1CFD202FFB46FD006F4D8FB8DD0A1D68E4C0FD8A13546D1D30A7020DAB678ED613F040B6C6964A392B65B0F3BAF0B51FBE85A63D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063633.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063733.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063833.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_063933.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064034.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064135.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064235.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064335.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064435.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064535.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064636.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064736.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064836.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_064936.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065036.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065138.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065238.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065338.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065439.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065539.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065639.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065739.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065839.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_065940.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070041.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070141.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070242.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070342.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070442.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154437
                              Entropy (8bit):7.92515825314996
                              Encrypted:false
                              SSDEEP:3072:GQeOx8gJSmmDtlOYgJYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYimox:X1x8gAblO30hJEn21iN4wdqqs3JYoox
                              MD5:CDFEDF5F0055E2DE2E615AEB25E2DF49
                              SHA1:6587D83768A7037ACB4D4F6F54BAFD5DEF084081
                              SHA-256:8EFA0DCDD731E5AEBC470568300B007E8D0BE69106CBC23ABA782B403D3FAB2A
                              SHA-512:294C9A3E4C5EC413C582439949CD2709B1D06600B75FE867D1A0DAC5475B097E062230195E533253499F40BE501BEF54D5402BE9A7A59DF5B5FDDB997A21F4E2
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070542.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.92608467809162
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoiwjlb:++yjvM1nSrCBwjvCnvc1
                              MD5:308E469BED2E058BA1CDE3A59DD4040C
                              SHA1:56788449F0D4475211662CA3A96D107562065C0E
                              SHA-256:849A844FB37CCF291A133D0F1979D019F5A774216F08D2FF9A518851C1D21C10
                              SHA-512:2D570810252E26F466BA3890F53B0F79183D6DB5614C80E1DE07F4A2377311BE02B4B75B0860B13D9624EA618AE2AF7ABEB07CDA4164D49E4A722A587F111BB6
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070643.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070743.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070843.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_070945.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071045.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071146.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071246.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071346.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071446.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071547.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071647.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071749.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071849.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_071950.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072050.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072150.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072251.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072351.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072453.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072553.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146312
                              Entropy (8bit):7.930741741437279
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fp:6QzDUjVXJ5WwtTCExp
                              MD5:97D9D0B2E8D0D295E6C4BAC7B2F9BA15
                              SHA1:81095044AFD6086AF84C8916E1E75D169A05C8FA
                              SHA-256:C682376E1905F0BF7F22AE57AB1A73964A2719080A20E7750F007E81C773D6BA
                              SHA-512:3181BF261B605BB106245EC385F6E6E6166DC9975ACE27C06C9892A627E8C64EBBD4D56F696AF065A9C27277996F2ABBB7A50A4BABFDCF67CA2CED4780F6DFCD
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072654.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072754.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072854.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_072957.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073057.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073158.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073258.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073359.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073459.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073601.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073702.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073802.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154150
                              Entropy (8bit):7.923432229504557
                              Encrypted:false
                              SSDEEP:3072:GZd9N23XpX4JstUdXVugxs/OabsK+sJ73qnLDNR+IVMXpwfH:y23XpgXVujOabR+sFqLDNVMgH
                              MD5:09724D439547285609507046D5D245E8
                              SHA1:0FA81B2EE141486B60C17B59C2F36794AA4CE827
                              SHA-256:42642D71C7D63C14D390E3E5C7BBA00D22F238CBC956FE7FFE36B35447BAEF29
                              SHA-512:B5E511BA17094CB7EEF8CD173E4EF6D92A1A1CB5EFA9B01DA4572D80A088EF5B6D71D5F736DEF4C2DCF9941CBE2D2F2898BFEC61979DE71E190A0C3621B85B8C
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_073903.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074003.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074104.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074206.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074307.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074407.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074508.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074608.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074711.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074811.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_074912.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075013.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146850
                              Entropy (8bit):7.928793657688584
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1AxxPs9sB7mgiN4RGdeLtEkzgI3tWM1jYYB:6QzDUxPJ1iN4wdqqs3JYc
                              MD5:54128E8E3949BC604A3C2F7CBD58745F
                              SHA1:247A3DD1EE4FBC6BAD16189299A48CF3EBAB8CFF
                              SHA-256:A2932F8CE92829028E2E31C3EF8018858C704FDAE91FA545DB9B88960B9D7E14
                              SHA-512:9AF4A8A7F6B5D65AD6458284886BA8CA83B1C72E0B6A310A77301B1AA323D0F9AF12D40EC058D1EC62469A76F7F5B894839832C151224033AFEB70A6BADD76D1
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075115.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075216.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075317.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075418.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075521.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075621.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075722.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075825.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_075926.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080027.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080128.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080231.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080331.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080433.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080536.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080637.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080741.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080842.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_080943.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081046.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081147.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152283
                              Entropy (8bit):7.929472547860556
                              Encrypted:false
                              SSDEEP:3072:GiPyyfDYlo/sVdoEvkbQwqKuI5owm35T2/+oJrSXC+dDDmJ:Jyy0UsVdoEva9u4ow6vCuOJ
                              MD5:7035E2ED260AA3640E939B58A969A138
                              SHA1:1A6C43663C0F99A045A754F9DA0CF27E1136E00F
                              SHA-256:68FAD20FB9DE232188C80E9141DE78036AF73144C5A7B5FFEE9F58CD567B8209
                              SHA-512:93E6D6222E8DD26A393EFC1F154183868E9E803CD22F34047BF6CC0273C95C7FC4AA7EEEF2E6599F248DD5E634E2C756850D77F3A1DEE597B189A3077844D46D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081251.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081352.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081457.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081558.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081702.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081806.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_081908.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082012.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082117.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082222.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082326.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082431.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082536.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082644.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082748.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_082857.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083008.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083120.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083235.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083352.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083529.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083704.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_083843.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_101630.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_114916.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_133131.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_150857.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_182421.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241121_211153.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_002719.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_041848.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_073704.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_095745.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152716
                              Entropy (8bit):7.928167547091041
                              Encrypted:false
                              SSDEEP:3072:GGNrRahNAkabjLLxHQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:/NrRIUFLsjZMtuq4ghR/
                              MD5:0F2BEAD6DC0E2A3A8EC174917456344E
                              SHA1:978C29D73513B5DE681B1A091835CB254487D08C
                              SHA-256:882BC5F18547B2AF4784263DA54B5A181E4859094C14214F133431A36ACE029F
                              SHA-512:7C0FF0198F2F457F8A9C329BC7CAF4CC3C9B2A31FC81264DA6D009641DDFBBB88F4AB1A963E331EF55B479D60B304ED22194F64580A916ACC6107BA9B9B6B540
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_142839.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_184415.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241122_210511.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_000216.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_035945.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_084354.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_114714.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_162305.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_193911.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241123_233655.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241124_031158.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241126_091627.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241126_120101.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146814
                              Entropy (8bit):7.929572856091504
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJS4KOI8B:6QzDUjVXJ5WwtTCERJD
                              MD5:D4C1EC83FAAEF804F8F989EB16D6296D
                              SHA1:0EB4A91470F86B5316E8CD9F597F9DEA6B167424
                              SHA-256:E046DA77C014BCCB3FBAE64C41BFE8349A8A89312B7092753E10B70252A9E394
                              SHA-512:8A04A43DC2D3DDA6C1DB08112D8326D640FB9C18E83B556A8587E6B82043C533724A2154D3ED182A09117EA8B5461F37B85E45F0ACF12B5B1E3CF9F9D4382E22
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241128_192916.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241128_221537.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146514
                              Entropy (8bit):7.929967957545257
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F3ihe:6QzDUjVXJ5WwtTCExShe
                              MD5:3C9ABE57F966048633F0C456FCBDFAF6
                              SHA1:B01E3F3F58F4E75A61393F3A5D171A856B56EA72
                              SHA-256:F3A3A3F7BCCB6AD158FBA9D5027DEEECAC8DC0B041F73257E4E328E150E6453F
                              SHA-512:2CB3FE256B72A557ECAFEC8DE3E95093AD260D1AB630FD32293DE3B263EE7FBE5DD087C406B02D4E085338ACF5398020855D062CB692C72BE54F951C46A6D9D8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241129_010627.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146514
                              Entropy (8bit):7.929967957545257
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F3ihe:6QzDUjVXJ5WwtTCExShe
                              MD5:3C9ABE57F966048633F0C456FCBDFAF6
                              SHA1:B01E3F3F58F4E75A61393F3A5D171A856B56EA72
                              SHA-256:F3A3A3F7BCCB6AD158FBA9D5027DEEECAC8DC0B041F73257E4E328E150E6453F
                              SHA-512:2CB3FE256B72A557ECAFEC8DE3E95093AD260D1AB630FD32293DE3B263EE7FBE5DD087C406B02D4E085338ACF5398020855D062CB692C72BE54F951C46A6D9D8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241129_044753.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146514
                              Entropy (8bit):7.929967957545257
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F3ihe:6QzDUjVXJ5WwtTCExShe
                              MD5:3C9ABE57F966048633F0C456FCBDFAF6
                              SHA1:B01E3F3F58F4E75A61393F3A5D171A856B56EA72
                              SHA-256:F3A3A3F7BCCB6AD158FBA9D5027DEEECAC8DC0B041F73257E4E328E150E6453F
                              SHA-512:2CB3FE256B72A557ECAFEC8DE3E95093AD260D1AB630FD32293DE3B263EE7FBE5DD087C406B02D4E085338ACF5398020855D062CB692C72BE54F951C46A6D9D8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20241129_072211.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146514
                              Entropy (8bit):7.929967957545257
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F3ihe:6QzDUjVXJ5WwtTCExShe
                              MD5:3C9ABE57F966048633F0C456FCBDFAF6
                              SHA1:B01E3F3F58F4E75A61393F3A5D171A856B56EA72
                              SHA-256:F3A3A3F7BCCB6AD158FBA9D5027DEEECAC8DC0B041F73257E4E328E150E6453F
                              SHA-512:2CB3FE256B72A557ECAFEC8DE3E95093AD260D1AB630FD32293DE3B263EE7FBE5DD087C406B02D4E085338ACF5398020855D062CB692C72BE54F951C46A6D9D8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_045422.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_053811.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_055947.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_061742.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_081527.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_102842.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_122742.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_143105.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_154148.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_172217.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_194022.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250306_213241.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_000054.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_022135.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_041603.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_080010.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_104851.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_131254.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_144137.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_160705.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152644
                              Entropy (8bit):7.929448790717689
                              Encrypted:false
                              SSDEEP:3072:G3q9wFl8bKa8MA6/RpSrCysbwj/vCpd+n6q6WEo/bdjlb:Gq94CKvM1nSrCBwjvCnvc/r
                              MD5:89A090FB2CCF9D37BEDB25E7F00D6C76
                              SHA1:4131BA131E6CF7569DA96482C8E2A2018A23F149
                              SHA-256:FF37D12B16CFC8184132B87B1B0E5C9105F36E56C6A7F5077D1E0ED9CC091F8E
                              SHA-512:78CD4299DD9BE4733253E701B7FBF4C23407A21646C2A16DD9E2956CAB95F081E0AFF37734AF3B639530A3146C1BEEE69FC13F8955903EA72327A17EF73FC048
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_163052.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_172345.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250307_174908.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250309_230408.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250310_011801.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250310_034751.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250310_061343.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250310_075038.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250312_130940.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250312_160033.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250312_184202.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250314_234848.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_001527.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_003848.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_005354.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_005714.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_013540.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_033608.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146788
                              Entropy (8bit):7.93011782834676
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrblqBqKuI5owm35T2/+oJrSXC+dDDmJ:6QzDUjVXg3u4ow6vCuOJ
                              MD5:3EABC410C5ADF4DD686C5400B8BE52FA
                              SHA1:950B2E4BF831AC0545B0F190FDCD1C3F374AB9CC
                              SHA-256:7E3D568184B41506B1B4DABCD006E69363C9799A3EC02E5D4A16B66BD704E747
                              SHA-512:6EB80E0CDE10D15E0CDD5D0166E5C42A0F8128284E1F783ADDDBADBC6F0469D34BA34D6E67973C3B142E6C034BA41ABF72A9B761E655741D54F71FC29306BB16
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_042603.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146788
                              Entropy (8bit):7.93011782834676
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrblqBqKuI5owm35T2/+oJrSXC+dDDmJ:6QzDUjVXg3u4ow6vCuOJ
                              MD5:3EABC410C5ADF4DD686C5400B8BE52FA
                              SHA1:950B2E4BF831AC0545B0F190FDCD1C3F374AB9CC
                              SHA-256:7E3D568184B41506B1B4DABCD006E69363C9799A3EC02E5D4A16B66BD704E747
                              SHA-512:6EB80E0CDE10D15E0CDD5D0166E5C42A0F8128284E1F783ADDDBADBC6F0469D34BA34D6E67973C3B142E6C034BA41ABF72A9B761E655741D54F71FC29306BB16
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_050506.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_060234.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_063614.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_083318.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_112416.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_150148.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_191651.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250315_205246.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250320_042114.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250324_121632.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250326_163423.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250326_181510.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250326_202356.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250326_215948.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146778
                              Entropy (8bit):7.93000797561911
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1AxhEK+f9tgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUhQf9J5WwtTCExk
                              MD5:BB3858114E370DA089DC8D318B26C166
                              SHA1:258815E26AA70CD349594AFCC14A6864A91991BC
                              SHA-256:EB5EF834C0AE67D42DE116D3806B55D80C02A6590F41E25EF2E48706355E2503
                              SHA-512:DA48220E4E221B2ED7C91DD864C1D0564ACCF2339C31E2056774ECD5F09ECC992913A430AC160DC41A3C059C0132F86FB66F2974AF71CA5777FF905890D6A382
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_000623.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146672
                              Entropy (8bit):7.9290347693240495
                              Encrypted:false
                              SSDEEP:3072:G7QArELVi5YPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYB:6QxViEhJEn21iN4wdqqs3JYc
                              MD5:C1ED3C893B6F8870B77CEEE63E501FBF
                              SHA1:6B9666AD46D01E251D4097DB2F925AEC077739B5
                              SHA-256:455900320DE69A47A22FB5D2626F359DA9F092585B702E025693125A3E252145
                              SHA-512:A5264048CA3C67630A42004C5507A3543F6C870A0871DEF544774E5277309AC6DD7242DF0D018867E4A9C613B49DAE886EB275E46AE2CAB9AFC0DC54E1B70EB0
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_021308.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_054209.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_095834.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_110355.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_121547.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_124203.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_135312.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250327_150145.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250403_023942.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250403_031243.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250403_043311.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151906
                              Entropy (8bit):7.9283507476196755
                              Encrypted:false
                              SSDEEP:3072:GA9KOD5LRuBswId9Ib+OPp55VpbvECcxhRZEIDsoxsTkffeiP2i3Y:P9KOD2Boi+Ap5BcDROIAjkffzPtI
                              MD5:271FD96F3E1A9435DFB3A47B1E642E55
                              SHA1:9F6F1C6D8E4ECE52CEB6FB052CBE249C2EA13EDF
                              SHA-256:7910327EB1C88E224E8D0A00BA0DC1657BACB44323C7CC578886FDE8055D4770
                              SHA-512:FCA347F9B3C0512EC36BB513EF45FEBBF0CD1D7AF87A365EC5E505D362B06962FC6E41088923E2537EE3A74007A45AB948CE00D022F0817493118A8A8CDABB74
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250405_093856.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250409_191307.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154393
                              Entropy (8bit):7.924529157329538
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDW9B:WI5+LsjZMtuq4ghR/
                              MD5:37F173728623A70D94D39C341BBAC4DB
                              SHA1:414CA09E3B760C462EB6DA609A788B5CE122B496
                              SHA-256:AFE05EB9D2AE4614A30BB81B188E18E485AA41ABD7DA18DB060C08045F35B8D7
                              SHA-512:B8C51398D6483A52DFAE2C2C7E4F0830E785337BA60C98EE8200CABDA01A99C03C38867F74B5A8FB72C73F08F9A11972D9F09056917FD728EEEA04CB76C73A4D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250409_220404.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250412_033303.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250412_054940.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250412_083248.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250412_103944.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250414_161920.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250414_185338.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250414_212328.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250414_232231.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250415_001651.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250415_014129.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_072741.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_093455.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_105944.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_120804.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146335
                              Entropy (8bit):7.930620625934086
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7FYD:6QzDUjVXJ5WwtTCExk
                              MD5:71F64B7CB864D144060F1AB5E317039B
                              SHA1:E69BBF9D30B6CEA664E4FC2DA0A742378C0984C6
                              SHA-256:5B2628791A5F6582F56513848AA8ABE27B377A2409789E23DAA15B832A181318
                              SHA-512:7A58A5BDD6E5B4249BF32A49CC26BB8CBF0C7BB920DFFE368443EC5B2A6EEB1FC112D71146A4EBA058341CCAB45B17F5F6D2A11BF070363352688B3E231AC542
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_134036.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_154249.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_171823.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_185255.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_203655.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_220340.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250417_234212.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_013336.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_025246.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_033859.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_042632.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_045454.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_060018.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_062713.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250418_063812.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_104413.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_121302.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_133034.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_151722.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_172418.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_192735.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_203005.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250420_220924.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_000026.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_005149.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_025206.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_045255.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_064833.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_092659.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151162
                              Entropy (8bit):7.927894656105963
                              Encrypted:false
                              SSDEEP:3072:GZSsTcZUZSYgJYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:Oo2ZS30hJEn21iN4wdqqs3JYy
                              MD5:5DECF1DC48F56E3C0992D1DD8DEF815B
                              SHA1:70CBF571B254549C2001622D60E649715876ECA5
                              SHA-256:D337EF713FD142797D32F9D94FCDD386F591B697079C69F718BA095546A41082
                              SHA-512:F82C44C03A3AB1CCAE8FD9431CE9C730614FF5E1C0E16F302C2533BC7D24DB49C4A54FB69E2FB3C0119764D742722FC135771E80159E4D7247217713CFDFD635
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250421_111329.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154392
                              Entropy (8bit):7.9247778375379845
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWfmoZjlb:WI5+LsjZMtuq4ghROoz
                              MD5:8770250263F0C07C4E5BB50E808113B8
                              SHA1:AE62C5ABE872B199E44301F0AA8164D4A6E133C8
                              SHA-256:99738B5BEE78346CA748060F514E9BAA3017B8ECEB68B5823A2FCFDDEE01A30C
                              SHA-512:953FE517207156BC5BB2F67A19BE852C844A47178C4CF4375FF61E4DBC3DEDC9AB00E41D74A222787A44731C4B9248343E3E10A79F0C0F6E3030861EDCD1ACAA
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250423_155832.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154392
                              Entropy (8bit):7.9247778375379845
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWfmoZjlb:WI5+LsjZMtuq4ghROoz
                              MD5:8770250263F0C07C4E5BB50E808113B8
                              SHA1:AE62C5ABE872B199E44301F0AA8164D4A6E133C8
                              SHA-256:99738B5BEE78346CA748060F514E9BAA3017B8ECEB68B5823A2FCFDDEE01A30C
                              SHA-512:953FE517207156BC5BB2F67A19BE852C844A47178C4CF4375FF61E4DBC3DEDC9AB00E41D74A222787A44731C4B9248343E3E10A79F0C0F6E3030861EDCD1ACAA
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250423_173808.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250423_182921.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250423_210022.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250423_225839.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250424_012016.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250426_064512.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250428_111551.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250428_120441.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250430_165715.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250430_184531.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250430_204841.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250430_225931.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250501_003421.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250501_022715.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250501_043203.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250501_064351.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250501_083200.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_131845.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_141817.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_153848.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_164949.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_181655.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_202529.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250503_224814.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250506_031935.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250506_054656.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_110148.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_125844.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_145517.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_164937.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_175701.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_195715.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_215613.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250508_234326.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250511_044706.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250511_060841.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250511_075613.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146658
                              Entropy (8bit):7.929414400936123
                              Encrypted:false
                              SSDEEP:3072:G7QArELVi5YPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:6QxViEhJEn21iN4wdqqs3JYy
                              MD5:7525346E16DAD791281227ED89A6EFE6
                              SHA1:9B611D05BD28347AB9C2B0A024560FC4B2FE51CB
                              SHA-256:CE65B160FDEF8FC9148018CA9E1D2ABF97797B8FB0280998316DE32B0360AC16
                              SHA-512:6776F2084F0C7ED89F27750A4EA185B4C29D480E827CC3158475F3E989BBDB78B7B7464A06A7DCF36AABF9C91482868C53AF39BC2A7F2B85BBBDEAA516F159CC
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250511_090119.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146626
                              Entropy (8bit):7.929855655091265
                              Encrypted:false
                              SSDEEP:3072:G7QArEmSRAEgYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:6QV9thJEn21iN4wdqqs3JYy
                              MD5:2DFFAE7C7A5C0F09AEA066BE022B7BED
                              SHA1:DC3C6F2AF15FEC7F5F4D93C4A792A9F7CA2C0CB0
                              SHA-256:5688C37A41B6BD889FFA2779EA5CFB6F4FF0A5FF0919D8AC6F16EEAD5D1E1269
                              SHA-512:AA276B8A3FFBCBCF87EE949994F1D6D4968BA3A709C5C9E9C66E77DB53EE14D1B322A4FF4B843BD2A0FF590682AFB4581AF1AD5B94583A6431A72890B81242E5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250511_113857.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146626
                              Entropy (8bit):7.929855655091265
                              Encrypted:false
                              SSDEEP:3072:G7QArEmSRAEgYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:6QV9thJEn21iN4wdqqs3JYy
                              MD5:2DFFAE7C7A5C0F09AEA066BE022B7BED
                              SHA1:DC3C6F2AF15FEC7F5F4D93C4A792A9F7CA2C0CB0
                              SHA-256:5688C37A41B6BD889FFA2779EA5CFB6F4FF0A5FF0919D8AC6F16EEAD5D1E1269
                              SHA-512:AA276B8A3FFBCBCF87EE949994F1D6D4968BA3A709C5C9E9C66E77DB53EE14D1B322A4FF4B843BD2A0FF590682AFB4581AF1AD5B94583A6431A72890B81242E5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_160225.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146626
                              Entropy (8bit):7.929855655091265
                              Encrypted:false
                              SSDEEP:3072:G7QArEmSRAEgYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:6QV9thJEn21iN4wdqqs3JYy
                              MD5:2DFFAE7C7A5C0F09AEA066BE022B7BED
                              SHA1:DC3C6F2AF15FEC7F5F4D93C4A792A9F7CA2C0CB0
                              SHA-256:5688C37A41B6BD889FFA2779EA5CFB6F4FF0A5FF0919D8AC6F16EEAD5D1E1269
                              SHA-512:AA276B8A3FFBCBCF87EE949994F1D6D4968BA3A709C5C9E9C66E77DB53EE14D1B322A4FF4B843BD2A0FF590682AFB4581AF1AD5B94583A6431A72890B81242E5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_164543.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146626
                              Entropy (8bit):7.929855655091265
                              Encrypted:false
                              SSDEEP:3072:G7QArEmSRAEgYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:6QV9thJEn21iN4wdqqs3JYy
                              MD5:2DFFAE7C7A5C0F09AEA066BE022B7BED
                              SHA1:DC3C6F2AF15FEC7F5F4D93C4A792A9F7CA2C0CB0
                              SHA-256:5688C37A41B6BD889FFA2779EA5CFB6F4FF0A5FF0919D8AC6F16EEAD5D1E1269
                              SHA-512:AA276B8A3FFBCBCF87EE949994F1D6D4968BA3A709C5C9E9C66E77DB53EE14D1B322A4FF4B843BD2A0FF590682AFB4581AF1AD5B94583A6431A72890B81242E5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_165816.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146626
                              Entropy (8bit):7.929855655091265
                              Encrypted:false
                              SSDEEP:3072:G7QArEmSRAEgYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:6QV9thJEn21iN4wdqqs3JYy
                              MD5:2DFFAE7C7A5C0F09AEA066BE022B7BED
                              SHA1:DC3C6F2AF15FEC7F5F4D93C4A792A9F7CA2C0CB0
                              SHA-256:5688C37A41B6BD889FFA2779EA5CFB6F4FF0A5FF0919D8AC6F16EEAD5D1E1269
                              SHA-512:AA276B8A3FFBCBCF87EE949994F1D6D4968BA3A709C5C9E9C66E77DB53EE14D1B322A4FF4B843BD2A0FF590682AFB4581AF1AD5B94583A6431A72890B81242E5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_173029.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146701
                              Entropy (8bit):7.930703359487061
                              Encrypted:false
                              SSDEEP:3072:G7QkrMM4BIb+OPp55VpbvECcxhRZEIDsoxsTkffeiP2i/bI:6Q840+Ap5BcDROIAjkffzPt/M
                              MD5:28F31DB70BD60CEC3EF65025DBFAB15F
                              SHA1:F7BDA88D5B6CCC3623C507BE6623B3DE8D581168
                              SHA-256:079156FFA0CFC1D077DD7FF84EEEDA8A9C8AD5BA53252E856E64623DD86AFDEE
                              SHA-512:DFF74EA8F3F259D6C8A9BB3543E2660A8074ED387E267314433047E20B969AAED97280E4650890FBC1C19CD1EB3FF3BACFD9A951BB57F4223535D731F7E88722
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_195018.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_213018.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250513_231254.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_035420.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_050641.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_055907.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_065538.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152370
                              Entropy (8bit):7.929346748093471
                              Encrypted:false
                              SSDEEP:3072:GLNSqvxRQnrFp1BD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:mNS1LjDUjVXJ5WwtTCEx+z
                              MD5:141FE22C8AB6799A2014C42A88BF2A3E
                              SHA1:DD4F3BBCD4DB9E9507208666A8F6A09E8962DFBE
                              SHA-256:6DA6F6A83B0E084A7C58D0BE213177C62C8038769677708FE1DA59AF7320BA63
                              SHA-512:F5BBE72ADBA54306FAFA17EEDB2E6745570FDAC3EB98A89A23C129C33F1B3B5F3CFFCF6944B5F80C2674B9C0777911F44626A39F47F8E0D9F8975129EF4FC3D8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_081647.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154528
                              Entropy (8bit):7.92664246949652
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoTDz:++yjvM1nSrCBwjvCnvcTv
                              MD5:B20A8EA8C57A6FA397F32F1007438D99
                              SHA1:143BD86593E08ECC2496528731DA95D0E5A935EA
                              SHA-256:AFEA175B39531840017C92BA294E10DFBB73CC552C816F6C302482288DBE4614
                              SHA-512:95A6FD6D38F32A778D2EBE53C458A4432A2D9024FA617D24C6B575145087C845C105086787F1CC77172F927D4F611133202FA5D3AF984E8B9DBF564780C24CDF
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_094913.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154528
                              Entropy (8bit):7.92664246949652
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoTDz:++yjvM1nSrCBwjvCnvcTv
                              MD5:B20A8EA8C57A6FA397F32F1007438D99
                              SHA1:143BD86593E08ECC2496528731DA95D0E5A935EA
                              SHA-256:AFEA175B39531840017C92BA294E10DFBB73CC552C816F6C302482288DBE4614
                              SHA-512:95A6FD6D38F32A778D2EBE53C458A4432A2D9024FA617D24C6B575145087C845C105086787F1CC77172F927D4F611133202FA5D3AF984E8B9DBF564780C24CDF
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_112706.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154528
                              Entropy (8bit):7.92664246949652
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoTDz:++yjvM1nSrCBwjvCnvcTv
                              MD5:B20A8EA8C57A6FA397F32F1007438D99
                              SHA1:143BD86593E08ECC2496528731DA95D0E5A935EA
                              SHA-256:AFEA175B39531840017C92BA294E10DFBB73CC552C816F6C302482288DBE4614
                              SHA-512:95A6FD6D38F32A778D2EBE53C458A4432A2D9024FA617D24C6B575145087C845C105086787F1CC77172F927D4F611133202FA5D3AF984E8B9DBF564780C24CDF
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_130721.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_140317.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_154154.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_181131.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250516_220412.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_014728.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_032210.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_041936.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_051224.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_060153.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_062101.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_065754.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_082308.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250517_093201.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250519_141844.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250519_160628.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250519_174441.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250519_184724.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250519_213646.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250520_013625.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250520_044400.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250522_105352.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250522_123955.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250524_172654.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250524_192819.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250524_212614.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250524_225029.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250525_003458.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250525_022445.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250527_064135.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250527_075058.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250527_091358.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250527_104524.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250716_165455.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250716_181601.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250716_193808.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250716_204237.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250716_212831.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250716_230705.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250717_015022.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250717_041753.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250717_085718.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_134515.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_153401.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_182711.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_200354.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_211133.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_220019.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_222726.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_224809.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_225510.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250719_231834.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_010657.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_022636.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_040326.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_054522.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_073901.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_085320.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_093249.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_105007.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_122718.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_140847.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250720_151311.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250722_200438.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250722_213739.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_015141.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_032402.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_043758.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_055914.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_072014.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_082056.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_100419.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_115227.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_135633.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_144638.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_161338.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_180724.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_195929.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_205858.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250725_224403.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250728_031733.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250728_043908.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_084715.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_093802.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_104828.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_113928.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_122234.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_133041.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_150031.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_163259.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_181605.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_195720.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250730_211110.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_020300.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_030453.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153374
                              Entropy (8bit):7.926137285774263
                              Encrypted:false
                              SSDEEP:3072:G1vxeMURyYkSO8fBtwV3fwjxt7HId8uzBpnDToEZPOXt8ZFXFmJ:eplDFqi3fwDId8ulpPVMWZ9cJ
                              MD5:4300B3CC9AF78A1045EC01B3DE00BACB
                              SHA1:DF9F9D913724839698D81B180165E0B152A197C3
                              SHA-256:DCB9D97DE66B479DB2585DE9BD3476BCF8EAF6A79746202F9DC1C74D6600E34B
                              SHA-512:190973016C852322B0040270471A56CA8CE114BF785A7A6F9352A9CBBEECC99E72E7A07F926E8839DE4CB59BFE5A779A1F726A17850C994784C5CC68EEA6BCA8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_045708.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154392
                              Entropy (8bit):7.9247778375379845
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWfmoZjlb:WI5+LsjZMtuq4ghROoz
                              MD5:8770250263F0C07C4E5BB50E808113B8
                              SHA1:AE62C5ABE872B199E44301F0AA8164D4A6E133C8
                              SHA-256:99738B5BEE78346CA748060F514E9BAA3017B8ECEB68B5823A2FCFDDEE01A30C
                              SHA-512:953FE517207156BC5BB2F67A19BE852C844A47178C4CF4375FF61E4DBC3DEDC9AB00E41D74A222787A44731C4B9248343E3E10A79F0C0F6E3030861EDCD1ACAA
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_062535.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154392
                              Entropy (8bit):7.9247778375379845
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWfmoZjlb:WI5+LsjZMtuq4ghROoz
                              MD5:8770250263F0C07C4E5BB50E808113B8
                              SHA1:AE62C5ABE872B199E44301F0AA8164D4A6E133C8
                              SHA-256:99738B5BEE78346CA748060F514E9BAA3017B8ECEB68B5823A2FCFDDEE01A30C
                              SHA-512:953FE517207156BC5BB2F67A19BE852C844A47178C4CF4375FF61E4DBC3DEDC9AB00E41D74A222787A44731C4B9248343E3E10A79F0C0F6E3030861EDCD1ACAA
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_083544.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154392
                              Entropy (8bit):7.9247778375379845
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWfmoZjlb:WI5+LsjZMtuq4ghROoz
                              MD5:8770250263F0C07C4E5BB50E808113B8
                              SHA1:AE62C5ABE872B199E44301F0AA8164D4A6E133C8
                              SHA-256:99738B5BEE78346CA748060F514E9BAA3017B8ECEB68B5823A2FCFDDEE01A30C
                              SHA-512:953FE517207156BC5BB2F67A19BE852C844A47178C4CF4375FF61E4DBC3DEDC9AB00E41D74A222787A44731C4B9248343E3E10A79F0C0F6E3030861EDCD1ACAA
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_094632.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250802_110004.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250804_155002.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250804_172428.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250806_213828.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250809_032341.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250811_081005.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250811_091627.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250811_095815.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_133941.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_153930.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_170727.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_175556.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_201048.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_213702.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250813_225707.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250814_001030.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250814_012537.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250816_062415.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250816_074718.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250816_090052.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250818_125825.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250820_174150.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250820_191834.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250820_204856.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250820_225257.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_035318.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_053940.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_064203.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_083155.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_102211.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_121006.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_134724.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_144626.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_162409.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_170328.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_191231.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_205121.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_221213.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250823_233836.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250824_004534.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250824_015339.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250824_023330.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250826_071235.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250828_115450.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250828_130639.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250828_140827.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250828_151635.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250830_191742.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250830_204015.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250830_231021.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_001824.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_022724.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_043140.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_060328.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_064239.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_073006.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_084528.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_094622.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_104326.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_115947.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_130733.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_142708.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250831_150545.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152805
                              Entropy (8bit):7.928848515555454
                              Encrypted:false
                              SSDEEP:3072:GBwNWkuB9NFcLpHuwGoJIb+OPp55VpbvECcxhRZEIDsoxsTkffeiP2i/bI:gwNWxNOLpLXs+Ap5BcDROIAjkffzPt/M
                              MD5:68108433F842CC35316966693F1642FF
                              SHA1:C51DCD341B2716AD58C71D0884B55234C4A01F14
                              SHA-256:678A523DA16B698259EC92B973BCC36FDF038B78A6DCEADC5DE93698CA4A3137
                              SHA-512:880BAE3058E870D270DC2CA7FF39AD21978EA7ED04DB24765CEC8387F43818910B261BEC73A40AA96D811552DE1326DA73E614B4906CC83AEECB850DE313845B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250902_193553.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154439
                              Entropy (8bit):7.9254219921018585
                              Encrypted:false
                              SSDEEP:3072:GQeOx8gJSmmDtlOYgJYPiMJEn2mgiN4RGdeLtEkzgI3tWM1jYYxo+:X1x8gAblO30hJEn21iN4wdqqs3JYy
                              MD5:C7AB49CD9D6C43714FE1E39C19EA5A84
                              SHA1:1A4B2256413CDC222EBB5B3CE379F957D3BBB9DC
                              SHA-256:3A3B62E5658B801A9F12745C85EAE023228DE23FACD46DB9947925B21CD74D86
                              SHA-512:091F43C1833FCA06EC81F7BDEA5E77526882753C0ED6183830E91D8A48D18E12BF11561A2800C81282416EFC128B271767DD0665102847844A0A94E62790B6E5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250902_210617.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154528
                              Entropy (8bit):7.92664246949652
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoTDz:++yjvM1nSrCBwjvCnvcTv
                              MD5:B20A8EA8C57A6FA397F32F1007438D99
                              SHA1:143BD86593E08ECC2496528731DA95D0E5A935EA
                              SHA-256:AFEA175B39531840017C92BA294E10DFBB73CC552C816F6C302482288DBE4614
                              SHA-512:95A6FD6D38F32A778D2EBE53C458A4432A2D9024FA617D24C6B575145087C845C105086787F1CC77172F927D4F611133202FA5D3AF984E8B9DBF564780C24CDF
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_014856.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154528
                              Entropy (8bit):7.92664246949652
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoTDz:++yjvM1nSrCBwjvCnvcTv
                              MD5:B20A8EA8C57A6FA397F32F1007438D99
                              SHA1:143BD86593E08ECC2496528731DA95D0E5A935EA
                              SHA-256:AFEA175B39531840017C92BA294E10DFBB73CC552C816F6C302482288DBE4614
                              SHA-512:95A6FD6D38F32A778D2EBE53C458A4432A2D9024FA617D24C6B575145087C845C105086787F1CC77172F927D4F611133202FA5D3AF984E8B9DBF564780C24CDF
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_031803.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154528
                              Entropy (8bit):7.92664246949652
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEoTDz:++yjvM1nSrCBwjvCnvcTv
                              MD5:B20A8EA8C57A6FA397F32F1007438D99
                              SHA1:143BD86593E08ECC2496528731DA95D0E5A935EA
                              SHA-256:AFEA175B39531840017C92BA294E10DFBB73CC552C816F6C302482288DBE4614
                              SHA-512:95A6FD6D38F32A778D2EBE53C458A4432A2D9024FA617D24C6B575145087C845C105086787F1CC77172F927D4F611133202FA5D3AF984E8B9DBF564780C24CDF
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_044700.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_053002.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_055407.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_062753.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_065559.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_073141.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_080926.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_085110.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_100518.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_121338.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_145656.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_172643.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_193014.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_211717.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250905_235918.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250908_051246.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250908_070445.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250908_080923.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250908_100007.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250908_111713.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_152355.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_160949.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_170926.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_181721.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_193500.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_212058.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250910_224018.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_003229.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_015337.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_030503.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_041438.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_060754.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_080218.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_094332.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_105504.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_121043.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250911_125521.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250913_170616.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250913_180612.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250913_184459.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250913_202246.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250913_220821.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250913_234529.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146763
                              Entropy (8bit):7.92991738982002
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1AxhEK+f9tgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUhQf9J5WwtTCEx+z
                              MD5:FAD49C606A7B1BC1FA3413DDAAB4280E
                              SHA1:CC72FAB76600962D3E57100DADA60147DCA1173B
                              SHA-256:C21EADFEA77E9A0E96CF7D09EACD1158046501F63FB0A79760279996350E677E
                              SHA-512:F8D63987D9CAE8495CED96BED83315CE40440AFEAED9F9A7550627430FA4C95D165CC04C7ACCAB99F7CC8D3B0085746CF816231C0DF78EE2D69EF6AE8AA5FDE5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250914_013555.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_053602.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_065414.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_080112.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_090411.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_110507.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_120647.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_132437.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_144359.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_150556.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_161105.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_175123.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_193922.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_212818.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_223627.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250916_233831.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250917_012722.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250917_022649.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250917_033610.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146320
                              Entropy (8bit):7.9305292449737985
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+EA:6QzDUjVXJ5WwtTCEx+z
                              MD5:DBECBB8C9791BDC4A19693A31FE099B6
                              SHA1:5054B07DB1D893A5B189A18F7799AF463668E64C
                              SHA-256:6752BD72F130B0EDD93252B667514AFCA795DDA3B026856029B68B3FC2B36171
                              SHA-512:78B4F9961595E7036233C2BE78D47A5C97C2F67F47445E06EDF522C55A5805B9E1A7DB8FAB98932E52BA595E8E01CBCB7C430079314F952AC1E7714DFA810E7B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20250917_044041.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151954
                              Entropy (8bit):7.927664309126862
                              Encrypted:false
                              SSDEEP:3072:GRxNYV9Nkpj8ljyYIb+OPp55VpbvECcxhRZEIDsoxsTkffeiP2i/bI:WxNY5kpIK+Ap5BcDROIAjkffzPt/M
                              MD5:553091E13A45E0BB34136D2432F02D65
                              SHA1:13A1CDFEB93F24862E3A6FDDEDEF870EAFA1D71D
                              SHA-256:8A5ACE9254BF3801419B06E28CB2CA95A8FB820FC6446B30123A6DCD7D7DF390
                              SHA-512:7F0163EFA80DE6B67CE3489C43D7BAB65E9358018FF42CC817CD6DFE10F1459F128DDE8745272B5F8E96A1CE635D72BA72F5260F9F6B32ECE4C149C517D382F6
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251207_130839.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251207_141926.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251209_183255.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251209_193726.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251212_003930.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251212_014235.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251214_054642.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251214_065901.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251214_075408.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251214_082129.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_123429.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_125406.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152818
                              Entropy (8bit):7.928286324892264
                              Encrypted:false
                              SSDEEP:3072:GBwNWkuB9NFcLpHuwGoJIb+OPp55VpbvECcxhRZEIDsoxsTkffeiP2icB:gwNWxNOLpLXs+Ap5BcDROIAjkffzPtS
                              MD5:145FB26FE46D3EA9947E9E69E9B15040
                              SHA1:2B29591F65CA28B2B89EA3E032094F59DB2F6F99
                              SHA-256:50E7C17F881266B9CDEBA65082CB2527889B4777389889BAEEE875AFFC3DA130
                              SHA-512:9A82A0A3C6219E9B0E43D77D16B3264BE0CA2812A9912CDD3297A6A70D40F42212D8734FB53E5816014763369CCB71E86E099C33F11DB16875504D754F97D5B3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_143121.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_152835.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_161813.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_171336.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_185144.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_203134.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_221637.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251216_232816.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251217_011536.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251217_021907.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251217_035426.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251217_052319.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251219_101631.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251221_144651.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_190245.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_200815.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_204539.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_210145.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_212530.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_214633.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_221132.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251223_223357.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_003052.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_013520.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_023839.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_032142.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_044403.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_060114.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_072753.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_083041.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_103733.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_122025.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_132455.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_142410.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251224_154618.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251226_200917.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251226_211849.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251226_222801.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251226_232155.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251227_004351.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_045944.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_062508.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_073855.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_085407.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_104028.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_115810.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_135312.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_152101.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_164148.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_171757.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146681
                              Entropy (8bit):7.928789869510231
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8VH10PI3tWM1jYYUDmJ:6QzDUjVXJ5g3JYIJ
                              MD5:8292E846CE2B43B2871339BF4CCBC48B
                              SHA1:3A2D78A496C784353045C8B4A14AE10119BDC754
                              SHA-256:FD828FBFC6D495BA37256A8053387FC78D6DD262BB0DB1B3DC018FD547879DAC
                              SHA-512:A4CFC5E3BCBDD65B43517B97D268C7BE437E35958917BF88259F904788F449C6DCFFF12833770DFD2932DD27D8D21AE6749F8989153638D0FC6B9B19350573C1
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_182916.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146744
                              Entropy (8bit):7.929946525622406
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6WToEZPOXt8ZFL:6QzDUjVXJ5WSVMWZJ
                              MD5:5AE5FF91F3EE99BDBE3E427C04264E93
                              SHA1:EC6A6B5CD0D0C4FD3C17D5CAFA106A21011000E9
                              SHA-256:845EA0E9228A46703ADA7C6E25E4B3A1D1F60A6B5A9764C29A9E2F760CB59BA7
                              SHA-512:E57DFA2C71574C8E85BD79483C0AE7C35FC0DBAB0AF1EE762B25AAD78791831EB813E47B33763CC1888BC14ED26A63776A234CD3D25604A3D001122CFBF2AE1D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_204642.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_215756.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20251229_225130.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260101_024838.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260101_033642.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260101_050104.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260101_063144.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_142349.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_153813.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_172557.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146662
                              Entropy (8bit):7.931030081715045
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCcRT2/+oJrSXC+Bb1:6QzDUjVXJ5WwtTCmvCER
                              MD5:C9ECA0D118360DD91F5FF9A23753E271
                              SHA1:CCC39CCD7B859158D29C725407123464BABC0DD9
                              SHA-256:01331ABE66B4FEC5B4C3699789CFDD17F4ABF6157D20722D94BD4A58668E91B9
                              SHA-512:35F07D271724D96705E09478F0E43E1F94D421E3ECF8D0D95063939F37930C643715FDE79FCAF391A1B02E39C01F5B6CC5A2FE2E96CCFA0F65326885CE8AEE0B
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_183256.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):147412
                              Entropy (8bit):7.9301117610960095
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8VH10PI3tNAkex6WEo+2EA:6QzDUjVXJ5g3tq5z
                              MD5:7D01A8CF018735722320A759B2445AA9
                              SHA1:6E71696D1FC4CBC198AA1BD56DED3CDB73FB38B8
                              SHA-256:5B56356106CB56847B3F5AB26DEF8A43A512031555A9166289489CFBE5A3A167
                              SHA-512:10BDDCB31C10E3D7FAE37A93B20EB2242198B36FF89DAAEA102F6C43C7AD55622BBC52676CCB95550F55F380CC0B91F63FFD6DECCE91E6E51A3D302635FD6C53
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_193049.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_203852.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_214932.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260105_225641.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_002451.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_012612.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_023247.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_033910.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_044916.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_060751.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_065154.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):151223
                              Entropy (8bit):7.929805699750963
                              Encrypted:false
                              SSDEEP:3072:GK+rc+QE/ja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:Kc+QYjvM1nSrCBwjvCnvc5z
                              MD5:A452C41D6D41985EF47B99C13248FC73
                              SHA1:CFD612211AA89927A5726165AEEB56ED96F71AF6
                              SHA-256:54988103A521B7C225398E64E47833F02AF95D7C80345838D88E4770079888CD
                              SHA-512:D53E6DEA11D2153C7438E66C69781EC2130C115B526D46CF83D9A20F24D06A7EDD1106F77514AEF22FD802DF8D84AD59008B9EDEAE475C73BC9AEEB120C47CEC
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_070957.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_071256.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_071828.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_082939.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_095017.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_112427.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_123756.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260106_144437.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260108_195809.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260108_212147.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260108_221253.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260109_002600.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260109_021044.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260109_033040.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260109_044652.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_085815.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_111222.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_121644.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_125820.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_140341.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_151316.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_163250.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_180954.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_190507.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_202438.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_212206.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_222800.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260111_232936.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_000221.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_002006.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_005847.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_011748.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_014555.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_031627.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_041336.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260112_052750.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260114_092958.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260114_104811.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260114_122955.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260114_142435.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260114_155907.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260114_164951.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260116_210316.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_011650.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_041109.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_061719.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_074040.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_092003.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_115232.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_140005.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_162527.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_174050.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_190453.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_195346.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260119_210259.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_020417.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_031436.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_041112.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_045707.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_055612.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_061028.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_063227.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_070928.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_072936.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_080322.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_103041.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_115011.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_131730.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_141322.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153081
                              Entropy (8bit):7.92767532087642
                              Encrypted:false
                              SSDEEP:3072:G7y8mKKR6D1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:4y8DUjVXJ5WwtTCExzN
                              MD5:E186D27E8E02870136714687F9C5BA38
                              SHA1:F051AD6B5DCF4FB506135E18104803CF292674B4
                              SHA-256:6C0D7471AAB78AEAC189BF5A962A58E8EBC0DD52A7D4E33AB4C76C5F16E0E4D0
                              SHA-512:D59E807A6F70ED9F93E0B4498136B14AE70814D41C4419E59AFA8473DB2C1CE6C66964122FC5AE874EDDF1066F6F1C1014AED84E78008D933744627421C5696F
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_170118.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154390
                              Entropy (8bit):7.9251050777135825
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWAD5:WI5+LsjZMtuq4ghRA9
                              MD5:08F8383099AE34AF67D06F59B11A28F0
                              SHA1:D738882C6EEA6500685BD5C5A5B6EBE7755D4D77
                              SHA-256:DB348654818509DBBF04AF867A72333A16AF01CB9EE969A0CD791136A8642168
                              SHA-512:4C560FB461CA8A53465C8FD22137F2AB44BF281F8B9A660AA81354CD38CEBAAED9A676892454070C25BBBFD823303D992AF95015D0EC53D559324CDBC19FB9B3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_194329.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154390
                              Entropy (8bit):7.9251050777135825
                              Encrypted:false
                              SSDEEP:3072:GgkIPoAYkaQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWAD5:WI5+LsjZMtuq4ghRA9
                              MD5:08F8383099AE34AF67D06F59B11A28F0
                              SHA1:D738882C6EEA6500685BD5C5A5B6EBE7755D4D77
                              SHA-256:DB348654818509DBBF04AF867A72333A16AF01CB9EE969A0CD791136A8642168
                              SHA-512:4C560FB461CA8A53465C8FD22137F2AB44BF281F8B9A660AA81354CD38CEBAAED9A676892454070C25BBBFD823303D992AF95015D0EC53D559324CDBC19FB9B3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260122_230059.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260123_004516.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260123_012040.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260123_020154.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260123_030225.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260123_042002.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260123_053516.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260125_102855.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260125_112046.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260127_151824.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260127_163531.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260127_181825.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260129_231320.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_002733.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_020729.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_035013.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_050837.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_055548.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_071231.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_082042.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260130_092523.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_140750.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_145128.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_154144.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_160109.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_164216.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_173152.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_191207.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_202814.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_214441.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260201_231250.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260202_004256.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260202_013704.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260204_054509.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260204_072655.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260204_084834.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260204_095636.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260208_181744.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260208_194252.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260208_204456.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260208_214043.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260208_230949.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_013915.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_023837.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_041258.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_052234.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_062612.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_071815.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_073644.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260209_103310.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260406_215716.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260406_225213.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260406_231753.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152016
                              Entropy (8bit):7.927344286124406
                              Encrypted:false
                              SSDEEP:3072:GJwRuWAG3iPyajWj1dxVugxs/OabsK+sJ73qnLDNR+IVMXpwtmot:owAc3iaZ3xVujOabR+sFqLDNVMRot
                              MD5:5D282FE3DF00754D5FD0BBEC7FAE039A
                              SHA1:15D96278811BAD35D73E982234D25DB9283A3C3E
                              SHA-256:E6905BE29614054B1AF7E5469BC011ADCB43BF8C42CB71DB5CF99B1C00C2A72F
                              SHA-512:F8716C24BCB1A1CB6F6ECA29991418A734378703095D7BC3F027D3991BFBF75E3D7F0D869C6A1859B9BE432A4593CD76DA0944C5B1D45265A513FF68C8F9A227
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_002917.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154193
                              Entropy (8bit):7.927699024319578
                              Encrypted:false
                              SSDEEP:3072:GhActUXLqRY8TwoEvkbQwqKuI5owm35T2/+oJrSXC+Bb1:iTwoEva9u4ow6vCER
                              MD5:4D7FCDC832919E2687A1C40E1EE3E5E0
                              SHA1:F351F6DF744E9922E4CF3C0F153F38416DD32606
                              SHA-256:E393BCDD73D27D97D8C488089915C120B9E47ACE8FB093EA536AF3D1294E0CA8
                              SHA-512:85B5EF2F234C53A67F9C901DB9B66B1FD3B324C62FF37362883F03C0FAD82FA87EB1B2E3C4C8DBE8FC40E49A308ED2217AB89E1EEFA605F88F1166E2F6697DE9
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_011001.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_030202.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_034934.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_044500.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_060947.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_065654.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_074245.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_083530.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260407_090213.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260409_125217.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260409_134003.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260409_143015.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260409_150646.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260409_153150.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260409_162302.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260411_202703.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260411_205900.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260411_215502.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_004216.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_034636.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_051612.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_061944.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_072406.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_100937.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_122041.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_130535.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_140549.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_155057.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_163104.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_165035.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_171907.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_175647.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_183424.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_192605.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260412_201737.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_002929.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_012516.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_022452.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_030817.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_033549.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_041710.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_050702.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_055615.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_062737.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_080134.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_083430.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_093024.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_102504.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_111300.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_120647.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_124321.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_133057.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_150725.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_163259.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260415_175715.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260417_221156.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260417_223518.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_023738.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_033842.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_041605.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_050014.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_060243.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_071612.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260420_075501.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_120842.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_125043.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_134206.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_143127.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_151401.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_161814.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260422_165152.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260424_210217.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260427_011747.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260427_022846.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260427_044243.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260427_061411.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260427_064005.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_104924.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_113447.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_115517.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_123631.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_131916.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_140540.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_145406.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260429_160552.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_201722.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_205744.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_220200.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_220531.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):152382
                              Entropy (8bit):7.929151535153524
                              Encrypted:false
                              SSDEEP:3072:GLNSqvxRQnrFp1BD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:mNS1LjDUjVXJ5WwtTCExzN
                              MD5:304D491602C4CBF7EEC066012CADEB13
                              SHA1:371A0BEDFE7E6A4FB5468EE94E3549176C184B83
                              SHA-256:157465194B43E9DBD431F279C4D1E32E14D0ADEA3C3C30F5EEF952EA11DEA949
                              SHA-512:3A9375514DB9DADD267805AC2C78E18BB5CAD14343E0C38846E2209A71C9398556089B5A6C2460D0582415FF0E4708CAF7E71318A74E1258D9BF762EC23144D8
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_221619.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):153775
                              Entropy (8bit):7.929166511879158
                              Encrypted:false
                              SSDEEP:3072:G619NSphIJp1wBuQ1IlajnZxih5QezuKpv0k+Unhl1W2i4cDWAD5:5ZSpq30uLsjZMtuq4ghRA9
                              MD5:6E05704285E35603B8B9B566B42DC71F
                              SHA1:BE3F1A9F160E8BE0AFC5D7DE6C962C936E50B4A8
                              SHA-256:1A74575C11586BA94ACA15819F3DEF83523AB9D95811EEBCC5E684C7BDE31FE9
                              SHA-512:9DAD83D7AF0DF8741B2E168250FFF33AC94425AC6386EBD6787CF66C666AD6D4943598949C9A5EE7FDFD1FE193D3AB2E9D1C5B06B35B57B2CA227BC86599DC2D
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_223134.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_233403.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260501_234643.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):154526
                              Entropy (8bit):7.926555932908619
                              Encrypted:false
                              SSDEEP:3072:GIhSAP32FMBUja8MA6/RpSrCysbwj/vCpd+n6q6WEo+2EA:++yjvM1nSrCBwjvCnvc5z
                              MD5:1AB0218BCEF2C8AF442D532357F54BD3
                              SHA1:0CE8C9C6BD7F18012F441376B695F4684BEA5EE8
                              SHA-256:C29B9E78A5D110248BD967B8EC14BD3E50DEBE49E679D8515517FACB5CA3CE45
                              SHA-512:C6E70A84301BC0F2A50EF074180216A3AF071A9681D443FA730779A7FB8A071E685A46EBAE96C83EEBD1EFAE0773F17B6F1336439A87EC13E8935111F754ECB3
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_004741.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_011403.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_015003.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_025210.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_040354.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_050902.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_063941.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_083511.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260502_092002.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_130140.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_131451.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_133825.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_135056.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_140143.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_141206.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_141828.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_143101.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146332
                              Entropy (8bit):7.930350041107747
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7Fz/jlb:6QzDUjVXJ5WwtTCExzN
                              MD5:0C2B572D76A478E44C3EF5A8FBB2267E
                              SHA1:407878629FC70C27371923A8CE5226A48A1217C6
                              SHA-256:F859A92E8C9A7A4CD6EBC87D343E7130D1C3A4FB87272F2BEA6D93AC76B041E8
                              SHA-512:8005D2A321E55EE790B75F334CA1E8C6D69F1EA8B185E0A8268748726F61225F18140A2D87F9F4B84D28E32BBC8DA38E150D5E5E2A257EF0BAD1532A2DE580C5
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260504_145255.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260506_194851.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260506_204925.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260506_220811.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260506_230810.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260506_231832.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260506_234248.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_003450.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_011048.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_012252.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_023953.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_035030.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_041212.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_044411.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_044713.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_045105.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_045251.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_045604.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_045952.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_050934.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_051638.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_052623.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_054301.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_054838.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_055439.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_063148.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_071109.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_074348.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_091457.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_115440.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_145723.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_180849.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260507_211544.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_011132.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_014312.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_022823.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_031425.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_040219.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_050212.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_055539.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_072457.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_082606.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_092135.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\Screenshots\time_20260510_093922.jpg

                              Download File
                              Process:C:\ProgramData\Remcos\remcos.exe
                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                              Category:dropped
                              Size (bytes):146325
                              Entropy (8bit):7.930456463800766
                              Encrypted:false
                              SSDEEP:3072:G7QArE0SD1Axj37LdrbtgOBVJ8Vtmj6wtTCaG7GJSq7F+Bjlb:6QzDUjVXJ5WwtTCExg
                              MD5:E55662606903BCC098F4D5665AFE66E2
                              SHA1:8C93CEACD83B5FBF77B2358C6393F4757D7632D1
                              SHA-256:B1ADE25B4E5743C57EF4545E599C86616546F6016E622826A24EA282285FC29F
                              SHA-512:3E96AA25EAE2682E62E278D7569773C4EE9F024F7AF926A148426C0FDA4F5A35978E731C2756AE6A59F03C0F9261EBD6B599DC9CE07DEC7E67F6217E7ADDF031
                              Malicious:false
                              Preview:......JFIF.....`.`.....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....W......'....c....4.X. .l...e.....V....<....d..`C.?S.a..|..1.......E.....=..O..(B.}^.......I^...|?.Y..i.b..Z\H.....1.~5..|#...8n} ..D.....K/....*.&...j..:...6..J......$y.....gU../.......+......+~..e{p.j.h;.#.9.,....O.4...m..{...v.....R....MY]'.dVKR.n.......I...[..C.\....=....o|N.|.?>C...|G$..o....G..^....w'....t?.]x...G...-&IVw..{s"....g..W...VO....

                              C:\Users\user\AppData\Roaming\mWrixkEbVc.exe

                              Download File
                              Process:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):929792
                              Entropy (8bit):7.96424646745905
                              Encrypted:false
                              SSDEEP:24576:Nqho7Y33wd4D5N4UmVFruPkMKXbY31qKblvh:y1Hwd4FN4UoFqjKXboTp5
                              MD5:1CB86400147C835AF58017F0474C5BCC
                              SHA1:AC285CB623BF292341068DEAD954CFED9A1F8C81
                              SHA-256:C35B10FC350209EC356B48282D85B18D9B9AB5C0167DC88461297906602E3D61
                              SHA-512:CE74F39D092B13570F9387E5D43CED748DEA9557E8887FC072694A2CF448B2C4CF741DB3E76D551EBEF3511B906AE1CBE0FE670F8968E51D1441982EC73B9B0C
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 68%
                              • Antivirus: Virustotal, Detection: 44%, Browse
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m<g..............0..$...........C... ...`....@.. ....................................@.................................CC..O....`..L...........................@"..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc...L....`.......&..............@..@.reloc..............................@..B................wC......H........}...O......i.......8U...........................................0..$..........s......s.....s ......o!...&..+..*.0..)........s\....s.......o[...s......o".......+...*....0..+........s\....r...p.(#......o[...s......o$....+..*..0..0........s\....rC..p.r...p(%......o[...s......o$....+..*.0...........s\.......O...%.r...p.%...%.r...p.%...%.r...p.%....%.r!..p.%....%.r;..p.%.....%..rU..p.%.....%..ry..p.%....%..r...p.(&......o[...s.......o$...&r...p('...&......o(...('...&...*.

                              C:\Users\user\AppData\Roaming\mWrixkEbVc.exe:Zone.Identifier

                              Download File
                              Process:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):7.96424646745905
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              • Win32 Executable (generic) a (10002005/4) 49.75%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Windows Screen Saver (13104/52) 0.07%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              File name:NEW ORDER- 4788467.exe
                              File size:929'792 bytes
                              MD5:1cb86400147c835af58017f0474c5bcc
                              SHA1:ac285cb623bf292341068dead954cfed9a1f8c81
                              SHA256:c35b10fc350209ec356b48282d85b18d9b9ab5c0167dc88461297906602e3d61
                              SHA512:ce74f39d092b13570f9387e5d43ced748dea9557e8887fc072694a2cf448b2c4cf741db3e76d551ebef3511b906ae1cbe0fe670f8968e51d1441982ec73b9b0c
                              SSDEEP:24576:Nqho7Y33wd4D5N4UmVFruPkMKXbY31qKblvh:y1Hwd4FN4UoFqjKXboTp5
                              TLSH:AF15236033A4AFABC57D4BF585B0E14003F5342BFE15F19EAED340CA25BAF141A95A93
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....m<g..............0..$...........C... ...`....@.. ....................................@................................

                              File Icon

                              Icon Hash:00928e8e8686b000

                              Static PE Info

                              General

                              Entrypoint:0x4e4396
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0x673C6D92 [Tue Nov 19 10:50:58 2024 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                              Entrypoint Preview

                              Instruction
                              jmp dword ptr [00402000h]
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al
                              add byte ptr [eax], al

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0xe43430x4f.text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xe60000x64c.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xe80000xc.reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG0xe22400x54.text
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x20000xe239c0xe24002eb6f04d63498a0d71cd5c209fe31832False0.968084210980663data7.969390195014117IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rsrc0xe60000x64c0x800cce281aa8ea92e68056900546fc42343False0.34130859375data3.5160574872912522IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc0xe80000xc0x200dcce29c697701b676ed13ef4c51943e0False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_VERSION0xe60900x3bcdata0.4131799163179916
                              RT_MANIFEST0xe645c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                              Imports

                              DLLImport
                              mscoree.dll_CorExeMain

                              Network Behavior

                              Suricata IDS Alerts

                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                              2024-11-21T09:01:12.116062+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949727206.189.218.2384782TCP
                              2024-11-21T09:01:14.406835+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949733206.189.218.2382286TCP
                              2024-11-21T09:01:16.726586+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949739206.189.218.2383363TCP
                              2024-11-21T09:01:19.046724+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949747206.189.218.2383386TCP
                              2024-11-21T09:01:22.419612+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949756206.189.218.2384782TCP
                              2024-11-21T09:01:24.702643+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949762206.189.218.2382286TCP
                              2024-11-21T09:01:27.078455+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949766206.189.218.2383363TCP
                              2024-11-21T09:01:29.431053+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949774206.189.218.2383386TCP
                              2024-11-21T09:01:32.718621+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949782206.189.218.2384782TCP
                              2024-11-21T09:01:35.070531+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949788206.189.218.2382286TCP
                              2024-11-21T09:01:37.431158+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949794206.189.218.2383363TCP
                              2024-11-21T09:01:39.840162+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949800206.189.218.2383386TCP
                              2024-11-21T09:01:43.218520+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949809206.189.218.2384782TCP
                              2024-11-21T09:01:45.567604+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949816206.189.218.2382286TCP
                              2024-11-21T09:01:47.884122+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949823206.189.218.2383363TCP
                              2024-11-21T09:01:50.171728+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949829206.189.218.2383386TCP
                              2024-11-21T09:01:53.471617+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949835206.189.218.2384782TCP
                              2024-11-21T09:01:55.821787+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949841206.189.218.2382286TCP
                              2024-11-21T09:01:58.141133+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949848206.189.218.2383363TCP
                              2024-11-21T09:02:00.461429+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949855206.189.218.2383386TCP
                              2024-11-21T09:02:03.790191+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949865206.189.218.2384782TCP
                              2024-11-21T09:02:06.151268+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949871206.189.218.2382286TCP
                              2024-11-21T09:02:08.469505+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949877206.189.218.2383363TCP
                              2024-11-21T09:02:10.791865+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949883206.189.218.2383386TCP
                              2024-11-21T09:02:14.089557+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949891206.189.218.2384782TCP
                              2024-11-21T09:02:16.400643+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949897206.189.218.2382286TCP
                              2024-11-21T09:02:30.634648+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949903206.189.218.2383363TCP
                              2024-11-21T09:02:33.028740+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949935206.189.218.2383386TCP
                              2024-11-21T09:02:36.362721+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949945206.189.218.2384782TCP
                              2024-11-21T09:02:38.686686+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949951206.189.218.2382286TCP
                              2024-11-21T09:02:41.039299+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949957206.189.218.2383363TCP
                              2024-11-21T09:02:43.326465+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949963206.189.218.2383386TCP
                              2024-11-21T09:02:46.653536+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949971206.189.218.2384782TCP
                              2024-11-21T09:02:49.027131+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949977206.189.218.2382286TCP
                              2024-11-21T09:02:51.400332+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949983206.189.218.2383363TCP
                              2024-11-21T09:02:53.790107+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949988206.189.218.2383386TCP
                              2024-11-21T09:02:57.103929+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.949997206.189.218.2384782TCP
                              2024-11-21T09:02:59.435800+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950002206.189.218.2382286TCP
                              2024-11-21T09:03:01.802885+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950008206.189.218.2383363TCP
                              2024-11-21T09:03:04.095535+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950014206.189.218.2383386TCP
                              2024-11-21T09:03:07.603550+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950019206.189.218.2384782TCP
                              2024-11-21T09:03:09.938728+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950020206.189.218.2382286TCP
                              2024-11-21T09:03:12.290125+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950021206.189.218.2383363TCP
                              2024-11-21T09:03:14.805730+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950022206.189.218.2383386TCP
                              2024-11-21T09:03:18.139521+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950023206.189.218.2384782TCP
                              2024-11-21T09:03:20.420351+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950024206.189.218.2382286TCP
                              2024-11-21T09:03:22.752279+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950025206.189.218.2383363TCP
                              2024-11-21T09:03:25.122532+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950026206.189.218.2383386TCP
                              2024-11-21T09:03:28.466853+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950027206.189.218.2384782TCP
                              2024-11-21T09:03:30.786880+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950028206.189.218.2382286TCP
                              2024-11-21T09:03:33.138555+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950029206.189.218.2383363TCP
                              2024-11-21T09:03:35.462766+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950030206.189.218.2383386TCP
                              2024-11-21T09:03:38.830108+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950031206.189.218.2384782TCP
                              2024-11-21T09:03:41.157912+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950032206.189.218.2382286TCP
                              2024-11-21T09:03:43.472591+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950033206.189.218.2383363TCP
                              2024-11-21T09:03:45.824973+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950034206.189.218.2383386TCP
                              2024-11-21T09:03:49.213473+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950035206.189.218.2384782TCP
                              2024-11-21T09:03:51.554810+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950036206.189.218.2382286TCP
                              2024-11-21T09:03:53.906631+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950037206.189.218.2383363TCP
                              2024-11-21T09:03:56.262693+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950038206.189.218.2383386TCP
                              2024-11-21T09:03:59.658792+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950039206.189.218.2384782TCP
                              2024-11-21T09:04:01.988085+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950040206.189.218.2382286TCP
                              2024-11-21T09:04:04.325179+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950041206.189.218.2383363TCP
                              2024-11-21T09:04:06.690829+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950042206.189.218.2383386TCP
                              2024-11-21T09:04:10.063613+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950043206.189.218.2384782TCP
                              2024-11-21T09:04:12.426769+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950044206.189.218.2382286TCP
                              2024-11-21T09:04:14.736067+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950045206.189.218.2383363TCP
                              2024-11-21T09:04:17.112416+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950046206.189.218.2383386TCP
                              2024-11-21T09:04:20.470551+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950047206.189.218.2384782TCP
                              2024-11-21T09:04:22.783727+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950048206.189.218.2382286TCP
                              2024-11-21T09:04:25.113557+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950049206.189.218.2383363TCP
                              2024-11-21T09:04:27.430801+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950050206.189.218.2383386TCP
                              2024-11-21T09:04:30.776957+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950051206.189.218.2384782TCP
                              2024-11-21T09:04:33.094239+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950052206.189.218.2382286TCP
                              2024-11-21T09:04:35.446822+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950053206.189.218.2383363TCP
                              2024-11-21T09:04:37.811352+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950054206.189.218.2383386TCP
                              2024-11-21T09:04:41.154008+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950055206.189.218.2384782TCP
                              2024-11-21T09:04:43.442297+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950056206.189.218.2382286TCP
                              2024-11-21T09:04:45.797400+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950057206.189.218.2383363TCP
                              2024-11-21T09:04:48.083502+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950058206.189.218.2383386TCP
                              2024-11-21T09:04:51.458491+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950059206.189.218.2384782TCP
                              2024-11-21T09:04:53.781589+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950060206.189.218.2382286TCP
                              2024-11-21T09:04:56.080805+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950061206.189.218.2383363TCP
                              2024-11-21T09:04:58.397919+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950062206.189.218.2383386TCP
                              2024-11-21T09:05:01.767333+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950063206.189.218.2384782TCP
                              2024-11-21T09:05:04.069594+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950064206.189.218.2382286TCP
                              2024-11-21T09:05:06.400864+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950065206.189.218.2383363TCP
                              2024-11-21T09:05:09.290026+01002036594ET JA3 Hash - Remcos 3.x/4.x TLS Connection1192.168.2.950066206.189.218.2383386TCP

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Nov 21, 2024 09:01:09.761565924 CET497274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:09.881248951 CET478249727206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:09.881371975 CET497274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:09.886535883 CET497274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:10.006179094 CET478249727206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:12.115874052 CET478249727206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:12.116061926 CET497274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:12.116156101 CET497274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:12.116646051 CET497332286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:12.235869884 CET478249727206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:12.236202955 CET228649733206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:12.236305952 CET497332286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:12.239823103 CET497332286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:12.359391928 CET228649733206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:14.406749964 CET228649733206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:14.406835079 CET497332286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:14.406975031 CET497332286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:14.407484055 CET497393363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:14.526379108 CET228649733206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:14.527000904 CET336349739206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:14.527086973 CET497393363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:14.531083107 CET497393363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:14.650583982 CET336349739206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:16.726490021 CET336349739206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:16.726586103 CET497393363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:16.726779938 CET497393363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:16.766798019 CET497473386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:16.846385956 CET336349739206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:16.886509895 CET338649747206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:16.886600971 CET497473386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:16.891917944 CET497473386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:17.011684895 CET338649747206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:19.044477940 CET338649747206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:19.046724081 CET497473386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:19.049391985 CET497473386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:19.169132948 CET338649747206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:20.057784081 CET497564782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:20.177303076 CET478249756206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:20.177403927 CET497564782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:20.181097031 CET497564782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:20.300566912 CET478249756206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:22.419540882 CET478249756206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:22.419611931 CET497564782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:22.419687986 CET497564782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:22.420217991 CET497622286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:22.539069891 CET478249756206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:22.539649963 CET228649762206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:22.539738894 CET497622286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:22.543605089 CET497622286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:22.663007021 CET228649762206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:24.702069044 CET228649762206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:24.702642918 CET497622286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:24.710985899 CET497622286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:24.757266998 CET497663363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:24.830579996 CET228649762206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:24.876993895 CET336349766206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:24.877115965 CET497663363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:24.880932093 CET497663363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:25.000612020 CET336349766206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:27.078165054 CET336349766206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:27.078454971 CET497663363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:27.106206894 CET497663363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:27.110994101 CET497743386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:27.225919962 CET336349766206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:27.230561018 CET338649774206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:27.230941057 CET497743386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:27.333990097 CET497743386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:27.453557014 CET338649774206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:29.430922985 CET338649774206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:29.431052923 CET497743386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:29.431052923 CET497743386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:29.550517082 CET338649774206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:30.433340073 CET497824782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:30.552932024 CET478249782206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:30.553055048 CET497824782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:30.556586027 CET497824782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:30.676158905 CET478249782206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:32.717237949 CET478249782206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:32.718621016 CET497824782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:32.720237970 CET497824782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:32.729845047 CET497882286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:32.839718103 CET478249782206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:32.849419117 CET228649788206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:32.849529028 CET497882286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:32.853107929 CET497882286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:32.972793102 CET228649788206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:35.070318937 CET228649788206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:35.070530891 CET497882286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:35.070621014 CET497882286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:35.071285963 CET497943363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:35.190244913 CET228649788206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:35.190819025 CET336349794206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:35.190917015 CET497943363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:35.195058107 CET497943363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:35.314579964 CET336349794206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:37.431063890 CET336349794206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:37.431158066 CET497943363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:37.441827059 CET497943363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:37.513459921 CET498003386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:37.561325073 CET336349794206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:37.633153915 CET338649800206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:37.633248091 CET498003386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:37.637432098 CET498003386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:37.757102966 CET338649800206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:39.837100029 CET338649800206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:39.840162039 CET498003386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:39.848191977 CET498003386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:39.967710018 CET338649800206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:40.870628119 CET498094782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:40.990262985 CET478249809206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:40.990421057 CET498094782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:40.993771076 CET498094782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:41.113215923 CET478249809206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:43.218275070 CET478249809206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:43.218519926 CET498094782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:43.218694925 CET498094782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:43.219257116 CET498162286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:43.338098049 CET478249809206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:43.338887930 CET228649816206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:43.338973999 CET498162286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:43.342262983 CET498162286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:43.461704969 CET228649816206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:45.567449093 CET228649816206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:45.567604065 CET498162286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:45.567632914 CET498162286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:45.568113089 CET498233363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:45.687127113 CET228649816206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:45.687635899 CET336349823206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:45.687755108 CET498233363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:45.698864937 CET498233363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:45.818387985 CET336349823206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:47.883908033 CET336349823206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:47.884121895 CET498233363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:47.884237051 CET498233363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:47.884767056 CET498293386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:48.003943920 CET336349823206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:48.004477024 CET338649829206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:48.004628897 CET498293386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:48.008265972 CET498293386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:48.128050089 CET338649829206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:50.171590090 CET338649829206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:50.171727896 CET498293386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:50.172415018 CET498293386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:50.292076111 CET338649829206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:51.183065891 CET498354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:51.302544117 CET478249835206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:51.302617073 CET498354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:51.306843996 CET498354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:51.426342964 CET478249835206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:53.471556902 CET478249835206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:53.471616983 CET498354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:53.471693993 CET498354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:53.472101927 CET498412286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:53.591130972 CET478249835206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:53.591512918 CET228649841206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:53.591589928 CET498412286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:53.604417086 CET498412286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:53.723965883 CET228649841206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:55.821726084 CET228649841206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:55.821787119 CET498412286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:55.821882010 CET498412286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:55.822351933 CET498483363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:55.941761017 CET228649841206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:55.943038940 CET336349848206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:55.943131924 CET498483363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:55.946652889 CET498483363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:56.066021919 CET336349848206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:58.141024113 CET336349848206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:58.141133070 CET498483363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:58.141191006 CET498483363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:58.141639948 CET498553386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:58.260687113 CET336349848206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:58.261101961 CET338649855206.189.218.238192.168.2.9
                              Nov 21, 2024 09:01:58.261234045 CET498553386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:58.264719963 CET498553386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:01:58.384350061 CET338649855206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:00.461353064 CET338649855206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:00.461429119 CET498553386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:00.461546898 CET498553386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:00.581028938 CET338649855206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:01.464653969 CET498654782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:01.584557056 CET478249865206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:01.584713936 CET498654782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:01.589968920 CET498654782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:01.709511995 CET478249865206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:03.790119886 CET478249865206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:03.790190935 CET498654782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:03.790280104 CET498654782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:03.790653944 CET498712286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:03.909859896 CET478249865206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:03.910140038 CET228649871206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:03.910226107 CET498712286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:03.913996935 CET498712286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:04.033849001 CET228649871206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:06.151180983 CET228649871206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:06.151268005 CET498712286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:06.151413918 CET498712286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:06.151856899 CET498773363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:06.270915985 CET228649871206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:06.271387100 CET336349877206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:06.271459103 CET498773363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:06.275021076 CET498773363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:06.394687891 CET336349877206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:08.469444990 CET336349877206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:08.469505072 CET498773363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:08.469595909 CET498773363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:08.470016003 CET498833386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:08.589071035 CET336349877206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:08.589445114 CET338649883206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:08.589514971 CET498833386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:08.593004942 CET498833386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:08.712563992 CET338649883206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:10.791676044 CET338649883206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:10.791865110 CET498833386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:10.791948080 CET498833386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:10.911386013 CET338649883206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:11.811199903 CET498914782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:11.931087971 CET478249891206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:11.931185007 CET498914782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:11.936404943 CET498914782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:12.055845976 CET478249891206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:14.089412928 CET478249891206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:14.089556932 CET498914782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:14.089662075 CET498914782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:14.090023041 CET498972286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:14.209202051 CET478249891206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:14.209486961 CET228649897206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:14.209561110 CET498972286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:14.213762999 CET498972286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:14.333755970 CET228649897206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:16.400527954 CET228649897206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:16.400643110 CET498972286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:16.400743008 CET498972286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:16.401222944 CET499033363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:16.520308018 CET228649897206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:16.520697117 CET336349903206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:16.520874023 CET499033363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:16.524401903 CET499033363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:16.643943071 CET336349903206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:30.634558916 CET336349903206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:30.634648085 CET499033363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:30.634738922 CET499033363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:30.635150909 CET499353386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:30.754528999 CET336349903206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:30.755227089 CET338649935206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:30.755439043 CET499353386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:30.758898973 CET499353386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:30.878424883 CET338649935206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:33.026582003 CET338649935206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:33.028739929 CET499353386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:33.028795958 CET499353386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:33.148958921 CET338649935206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:34.042388916 CET499454782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:34.162085056 CET478249945206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:34.162204027 CET499454782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:34.165666103 CET499454782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:34.285696030 CET478249945206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:36.360089064 CET478249945206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:36.362720966 CET499454782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:36.362772942 CET499454782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:36.363178968 CET499512286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:36.482268095 CET478249945206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:36.482690096 CET228649951206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:36.486699104 CET499512286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:36.492697001 CET499512286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:36.612140894 CET228649951206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:38.685463905 CET228649951206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:38.686686039 CET499512286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:38.686728954 CET499512286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:38.687838078 CET499573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:38.806334972 CET228649951206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:38.807344913 CET336349957206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:38.807607889 CET499573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:38.811233997 CET499573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:38.930803061 CET336349957206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:41.039210081 CET336349957206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:41.039299011 CET499573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:41.039349079 CET499573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:41.039730072 CET499633386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:41.159079075 CET336349957206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:41.159204960 CET338649963206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:41.161065102 CET499633386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:41.164374113 CET499633386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:41.283838034 CET338649963206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:43.326349020 CET338649963206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:43.326464891 CET499633386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:43.326464891 CET499633386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:43.446346045 CET338649963206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:44.341603994 CET499714782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:44.461193085 CET478249971206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:44.462737083 CET499714782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:44.466105938 CET499714782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:44.585625887 CET478249971206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:46.653474092 CET478249971206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:46.653536081 CET499714782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:46.653707027 CET499714782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:46.654378891 CET499772286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:46.773330927 CET478249971206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:46.773967981 CET228649977206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:46.774041891 CET499772286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:46.786751986 CET499772286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:46.906332016 CET228649977206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:49.027018070 CET228649977206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:49.027131081 CET499772286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:49.027196884 CET499772286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:49.027646065 CET499833363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:49.146711111 CET228649977206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:49.147130013 CET336349983206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:49.147217989 CET499833363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:49.151205063 CET499833363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:49.271012068 CET336349983206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:51.400248051 CET336349983206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:51.400331974 CET499833363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:51.400372028 CET499833363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:51.400774956 CET499883386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:51.519922018 CET336349983206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:51.520262003 CET338649988206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:51.520365953 CET499883386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:51.523778915 CET499883386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:51.643235922 CET338649988206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:53.790018082 CET338649988206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:53.790107012 CET499883386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:53.790154934 CET499883386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:53.909723043 CET338649988206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:54.794529915 CET499974782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:54.914027929 CET478249997206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:54.914100885 CET499974782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:54.918525934 CET499974782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:55.037986040 CET478249997206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:57.103835106 CET478249997206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:57.103929043 CET499974782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:57.103990078 CET499974782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:57.104340076 CET500022286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:57.223448992 CET478249997206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:57.223906040 CET228650002206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:57.224196911 CET500022286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:57.227257013 CET500022286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:57.346724987 CET228650002206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:59.435723066 CET228650002206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:59.435800076 CET500022286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:59.435841084 CET500022286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:59.436244011 CET500083363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:59.555290937 CET228650002206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:59.555668116 CET336350008206.189.218.238192.168.2.9
                              Nov 21, 2024 09:02:59.555779934 CET500083363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:59.559139967 CET500083363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:02:59.678664923 CET336350008206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:01.802829027 CET336350008206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:01.802885056 CET500083363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:01.802949905 CET500083363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:01.811336040 CET500143386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:01.922456980 CET336350008206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:01.930912018 CET338650014206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:01.932770014 CET500143386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:01.936052084 CET500143386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:02.055449963 CET338650014206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:04.095478058 CET338650014206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:04.095535040 CET500143386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:04.095566034 CET500143386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:04.214992046 CET338650014206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:05.104738951 CET500194782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:05.340446949 CET478250019206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:05.340595961 CET500194782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:05.344225883 CET500194782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:05.464662075 CET478250019206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:07.603493929 CET478250019206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:07.603549957 CET500194782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:07.603600025 CET500194782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:07.603997946 CET500202286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:07.723109007 CET478250019206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:07.723546028 CET228650020206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:07.723618984 CET500202286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:07.727155924 CET500202286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:07.847130060 CET228650020206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:09.938513994 CET228650020206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:09.938728094 CET500202286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:09.938890934 CET500202286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:09.939260006 CET500213363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:10.058479071 CET228650020206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:10.058689117 CET336350021206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:10.058784008 CET500213363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:10.062122107 CET500213363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:10.181940079 CET336350021206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:12.290059090 CET336350021206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:12.290124893 CET500213363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:12.290746927 CET500213363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:12.410233021 CET336350021206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:12.453073025 CET500223386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:12.572865009 CET338650022206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:12.572978020 CET500223386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:12.578886032 CET500223386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:12.698471069 CET338650022206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:14.805449009 CET338650022206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:14.805730104 CET500223386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:14.805996895 CET500223386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:14.925465107 CET338650022206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:15.808229923 CET500234782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:15.927850962 CET478250023206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:15.927939892 CET500234782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:15.931648016 CET500234782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:16.051139116 CET478250023206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:18.139422894 CET478250023206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:18.139520884 CET500234782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:18.139561892 CET500234782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:18.139920950 CET500242286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:18.259609938 CET478250023206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:18.260245085 CET228650024206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:18.262352943 CET500242286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:18.265747070 CET500242286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:18.385231018 CET228650024206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:20.419218063 CET228650024206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:20.420351028 CET500242286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:20.420488119 CET500242286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:20.420854092 CET500253363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:20.540787935 CET228650024206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:20.541207075 CET336350025206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:20.541286945 CET500253363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:20.544883013 CET500253363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:20.664472103 CET336350025206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:22.752213955 CET336350025206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:22.752279043 CET500253363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:22.752437115 CET500253363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:22.752754927 CET500263386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:22.871855021 CET336350025206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:22.872164965 CET338650026206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:22.872242928 CET500263386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:22.875636101 CET500263386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:22.995201111 CET338650026206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:25.122459888 CET338650026206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:25.122531891 CET500263386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:25.122595072 CET500263386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:25.242237091 CET338650026206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:26.136152983 CET500274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:26.255793095 CET478250027206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:26.258753061 CET500274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:26.262270927 CET500274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:26.381906986 CET478250027206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:28.464366913 CET478250027206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:28.466852903 CET500274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:28.468801975 CET500274782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:28.489896059 CET500282286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:28.588253975 CET478250027206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:28.609433889 CET228650028206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:28.610141039 CET500282286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:28.627676964 CET500282286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:28.747512102 CET228650028206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:30.783581018 CET228650028206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:30.786880016 CET500282286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:30.786880016 CET500282286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:30.819479942 CET500293363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:30.906577110 CET228650028206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:30.939069033 CET336350029206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:30.939172029 CET500293363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:30.942430973 CET500293363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:31.061969042 CET336350029206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:33.138452053 CET336350029206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:33.138555050 CET500293363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:33.138612032 CET500293363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:33.139009953 CET500303386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:33.258167982 CET336350029206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:33.258502007 CET338650030206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:33.258579016 CET500303386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:33.262959957 CET500303386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:33.382540941 CET338650030206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:35.459964037 CET338650030206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:35.462765932 CET500303386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:35.462940931 CET500303386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:35.582401991 CET338650030206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:36.464328051 CET500314782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:36.583837986 CET478250031206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:36.584105968 CET500314782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:36.587183952 CET500314782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:36.707390070 CET478250031206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:38.829250097 CET478250031206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:38.830107927 CET500314782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:38.830183983 CET500314782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:38.830629110 CET500322286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:38.949621916 CET478250031206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:38.950082064 CET228650032206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:38.950159073 CET500322286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:38.953603029 CET500322286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:39.073117971 CET228650032206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:41.157819986 CET228650032206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:41.157912016 CET500322286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:41.157989025 CET500322286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:41.158757925 CET500333363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:41.277587891 CET228650032206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:41.278268099 CET336350033206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:41.278333902 CET500333363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:41.283127069 CET500333363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:41.402561903 CET336350033206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:43.472338915 CET336350033206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:43.472590923 CET500333363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:43.472590923 CET500333363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:43.473006010 CET500343386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:43.592045069 CET336350033206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:43.592436075 CET338650034206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:43.592546940 CET500343386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:43.602457047 CET500343386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:43.721980095 CET338650034206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:45.824918985 CET338650034206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:45.824973106 CET500343386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:45.825050116 CET500343386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:45.944813013 CET338650034206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:46.839359045 CET500354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:46.959008932 CET478250035206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:46.959099054 CET500354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:46.962435007 CET500354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:47.082817078 CET478250035206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:49.213227987 CET478250035206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:49.213473082 CET500354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:49.213473082 CET500354782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:49.213783026 CET500362286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:49.333132982 CET478250035206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:49.333256006 CET228650036206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:49.333456039 CET500362286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:49.337308884 CET500362286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:49.457258940 CET228650036206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:51.553774118 CET228650036206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:51.554810047 CET500362286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:51.554810047 CET500362286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:51.555141926 CET500373363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:51.674253941 CET228650036206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:51.674565077 CET336350037206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:51.674767017 CET500373363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:51.677942991 CET500373363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:51.797544956 CET336350037206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:53.906481981 CET336350037206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:53.906630993 CET500373363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:53.906630993 CET500373363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:53.907044888 CET500383386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:54.028042078 CET336350037206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:54.029213905 CET338650038206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:54.029342890 CET500383386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:54.032646894 CET500383386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:54.152163029 CET338650038206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:56.262619972 CET338650038206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:56.262692928 CET500383386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:56.262777090 CET500383386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:56.382316113 CET338650038206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:57.286267042 CET500394782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:57.405872107 CET478250039206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:57.413671017 CET500394782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:57.417457104 CET500394782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:57.536899090 CET478250039206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:59.656614065 CET478250039206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:59.658792019 CET500394782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:59.658910036 CET500394782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:59.659269094 CET500402286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:59.778378963 CET478250039206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:59.778733015 CET228650040206.189.218.238192.168.2.9
                              Nov 21, 2024 09:03:59.778836012 CET500402286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:59.782135010 CET500402286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:03:59.902518034 CET228650040206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:01.988015890 CET228650040206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:01.988085032 CET500402286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:01.988143921 CET500402286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:01.988513947 CET500413363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:02.107681990 CET228650040206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:02.107992887 CET336350041206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:02.108067989 CET500413363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:02.112078905 CET500413363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:02.231579065 CET336350041206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:04.323028088 CET336350041206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:04.325179100 CET500413363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:04.325345039 CET500413363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:04.325774908 CET500423386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:04.444828987 CET336350041206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:04.445238113 CET338650042206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:04.445324898 CET500423386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:04.449837923 CET500423386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:04.569444895 CET338650042206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:06.688230991 CET338650042206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:06.690829039 CET500423386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:06.690877914 CET500423386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:06.810461998 CET338650042206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:07.698937893 CET500434782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:07.819870949 CET478250043206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:07.822902918 CET500434782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:07.826039076 CET500434782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:07.947840929 CET478250043206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:10.063482046 CET478250043206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:10.063612938 CET500434782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:10.063651085 CET500434782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:10.064091921 CET500442286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:10.183206081 CET478250043206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:10.183577061 CET228650044206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:10.183897018 CET500442286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:10.186809063 CET500442286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:10.306277037 CET228650044206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:12.424396992 CET228650044206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:12.426769018 CET500442286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:12.426810980 CET500442286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:12.427165031 CET500453363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:12.546327114 CET228650044206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:12.546622992 CET336350045206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:12.546783924 CET500453363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:12.550268888 CET500453363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:12.669823885 CET336350045206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:14.735055923 CET336350045206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:14.736067057 CET500453363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:14.745544910 CET500453363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:14.750411034 CET500463386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:14.865113974 CET336350045206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:14.869982004 CET338650046206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:14.870306969 CET500463386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:14.874561071 CET500463386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:14.994146109 CET338650046206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:17.112296104 CET338650046206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:17.112416029 CET500463386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:17.113851070 CET500463386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:17.233304024 CET338650046206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:18.152087927 CET500474782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:18.271852016 CET478250047206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:18.271927118 CET500474782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:18.276702881 CET500474782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:18.396255016 CET478250047206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:20.470434904 CET478250047206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:20.470551014 CET500474782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:20.470617056 CET500474782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:20.471113920 CET500482286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:20.590137005 CET478250047206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:20.590593100 CET228650048206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:20.590842009 CET500482286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:20.594127893 CET500482286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:20.713664055 CET228650048206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:22.783653975 CET228650048206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:22.783726931 CET500482286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:22.783767939 CET500482286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:22.784177065 CET500493363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:22.903328896 CET228650048206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:22.903683901 CET336350049206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:22.903908014 CET500493363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:22.907222986 CET500493363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:23.026779890 CET336350049206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:25.111798048 CET336350049206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:25.113557100 CET500493363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:25.113709927 CET500493363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:25.114252090 CET500503386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:25.235222101 CET336350049206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:25.235704899 CET338650050206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:25.235799074 CET500503386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:25.239378929 CET500503386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:25.359396935 CET338650050206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:27.429879904 CET338650050206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:27.430800915 CET500503386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:27.430860043 CET500503386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:27.550688982 CET338650050206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:28.443819046 CET500514782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:28.563507080 CET478250051206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:28.563602924 CET500514782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:28.567152977 CET500514782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:28.686832905 CET478250051206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:30.776854992 CET478250051206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:30.776957035 CET500514782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:30.777004004 CET500514782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:30.777419090 CET500522286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:30.896575928 CET478250051206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:30.896888971 CET228650052206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:30.897156954 CET500522286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:30.900466919 CET500522286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:31.019958973 CET228650052206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:33.094069958 CET228650052206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:33.094238997 CET500522286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:33.094290018 CET500522286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:33.094993114 CET500533363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:33.214001894 CET228650052206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:33.214457989 CET336350053206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:33.214544058 CET500533363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:33.218492985 CET500533363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:33.338025093 CET336350053206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:35.441498995 CET336350053206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:35.446821928 CET500533363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:35.446857929 CET500533363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:35.448767900 CET500543386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:35.566399097 CET336350053206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:35.570262909 CET338650054206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:35.572885990 CET500543386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:35.576839924 CET500543386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:35.696422100 CET338650054206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:37.811295033 CET338650054206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:37.811352015 CET500543386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:37.811460018 CET500543386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:37.930982113 CET338650054206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:38.823791027 CET500554782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:38.943450928 CET478250055206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:38.946377039 CET500554782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:38.949723005 CET500554782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:39.069297075 CET478250055206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:41.153337002 CET478250055206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:41.154007912 CET500554782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:41.154068947 CET500554782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:41.154438019 CET500562286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:41.274020910 CET478250055206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:41.274038076 CET228650056206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:41.274209976 CET500562286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:41.277582884 CET500562286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:41.397099018 CET228650056206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:43.442210913 CET228650056206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:43.442296982 CET500562286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:43.442332983 CET500562286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:43.442713976 CET500573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:43.561933994 CET228650056206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:43.562222004 CET336350057206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:43.562397003 CET500573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:43.570121050 CET500573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:43.689754963 CET336350057206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:45.797293901 CET336350057206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:45.797399998 CET500573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:45.797441006 CET500573363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:45.797874928 CET500583386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:45.918114901 CET336350057206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:45.918132067 CET338650058206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:45.918217897 CET500583386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:45.922070026 CET500583386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:46.041584015 CET338650058206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:48.083353043 CET338650058206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:48.083502054 CET500583386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:48.084975958 CET500583386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:48.204452038 CET338650058206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:49.089664936 CET500594782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:49.209290028 CET478250059206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:49.209393024 CET500594782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:49.213848114 CET500594782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:49.333324909 CET478250059206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:51.455188990 CET478250059206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:51.458491087 CET500594782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:51.458539009 CET500594782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:51.458920956 CET500602286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:51.578078032 CET478250059206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:51.578593969 CET228650060206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:51.578738928 CET500602286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:51.582218885 CET500602286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:51.701766014 CET228650060206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:53.781491995 CET228650060206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:53.781589031 CET500602286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:53.781728983 CET500602286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:53.782134056 CET500613363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:53.901135921 CET228650060206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:53.901648045 CET336350061206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:53.901859999 CET500613363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:53.906245947 CET500613363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:54.025784016 CET336350061206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:56.080662012 CET336350061206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:56.080805063 CET500613363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:56.080805063 CET500613363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:56.081224918 CET500623386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:56.200428963 CET336350061206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:56.200683117 CET338650062206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:56.200800896 CET500623386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:56.203993082 CET500623386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:56.323440075 CET338650062206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:58.397800922 CET338650062206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:58.397918940 CET500623386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:58.397918940 CET500623386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:58.517498016 CET338650062206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:59.401935101 CET500634782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:59.521505117 CET478250063206.189.218.238192.168.2.9
                              Nov 21, 2024 09:04:59.522871971 CET500634782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:59.526199102 CET500634782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:04:59.645795107 CET478250063206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:01.765783072 CET478250063206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:01.767333031 CET500634782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:01.767453909 CET500634782192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:01.791935921 CET500642286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:01.887109041 CET478250063206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:01.911715984 CET228650064206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:01.912106037 CET500642286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:01.915303946 CET500642286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:02.034864902 CET228650064206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:04.069344044 CET228650064206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:04.069593906 CET500642286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:04.069643974 CET500642286192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:04.070039988 CET500653363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:04.189189911 CET228650064206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:04.189574003 CET336350065206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:04.189680099 CET500653363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:04.192934990 CET500653363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:04.312535048 CET336350065206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:06.397470951 CET336350065206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:06.400863886 CET500653363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:07.000050068 CET500653363192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:07.000399113 CET500663386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:07.119617939 CET336350065206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:07.119868040 CET338650066206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:07.119965076 CET500663386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:07.123491049 CET500663386192.168.2.9206.189.218.238
                              Nov 21, 2024 09:05:07.243015051 CET338650066206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:09.289910078 CET338650066206.189.218.238192.168.2.9
                              Nov 21, 2024 09:05:09.290025949 CET500663386192.168.2.9206.189.218.238

                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:03:00:58
                              Start date:21/11/2024
                              Path:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\NEW ORDER- 4788467.exe"
                              Imagebase:0xa60000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.1405920482.0000000004C06000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:3
                              Start time:03:01:02
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"
                              Imagebase:0xfa0000
                              File size:433'152 bytes
                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:4
                              Start time:03:01:03
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:5
                              Start time:03:01:03
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpC42D.tmp"
                              Imagebase:0x870000
                              File size:187'904 bytes
                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:6
                              Start time:03:01:03
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:7
                              Start time:03:01:03
                              Start date:21/11/2024
                              Path:C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\NEW ORDER- 4788467.exe"
                              Imagebase:0x570000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                              • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000007.00000002.1385949758.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:8
                              Start time:03:01:03
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0xf50000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Antivirus matches:
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 68%, ReversingLabs
                              • Detection: 44%, Virustotal, Browse
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:9
                              Start time:03:01:04
                              Start date:21/11/2024
                              Path:C:\Users\user\AppData\Roaming\mWrixkEbVc.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\AppData\Roaming\mWrixkEbVc.exe
                              Imagebase:0x980000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Antivirus matches:
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 68%, ReversingLabs
                              • Detection: 44%, Virustotal, Browse
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:11
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\mWrixkEbVc.exe"
                              Imagebase:0xfa0000
                              File size:433'152 bytes
                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:12
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:13
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmpD8DE.tmp"
                              Imagebase:0x870000
                              File size:187'904 bytes
                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:14
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:15
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0x2d0000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:16
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0x30000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:17
                              Start time:03:01:08
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0xd20000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000002.3790646683.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000002.3792155314.0000000002FAF000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:false

                              General

                              Target ID:19
                              Start time:03:01:14
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0xe40000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:20
                              Start time:03:01:19
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp414.tmp"
                              Imagebase:0x870000
                              File size:187'904 bytes
                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:21
                              Start time:03:01:19
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:22
                              Start time:03:01:19
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0x570000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000016.00000002.1546311824.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true

                              General

                              Target ID:23
                              Start time:03:01:22
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0xb60000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:24
                              Start time:03:01:27
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp23E1.tmp"
                              Imagebase:0x870000
                              File size:187'904 bytes
                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:25
                              Start time:03:01:27
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:26
                              Start time:03:01:27
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0xb90000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001A.00000002.1627153891.0000000001197000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true

                              General

                              Target ID:27
                              Start time:03:01:31
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0x840000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:28
                              Start time:03:01:35
                              Start date:21/11/2024
                              Path:C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\mWrixkEbVc" /XML "C:\Users\user\AppData\Local\Temp\tmp42D3.tmp"
                              Imagebase:0x870000
                              File size:187'904 bytes
                              MD5 hash:48C2FE20575769DE916F48EF0676A965
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:29
                              Start time:03:01:35
                              Start date:21/11/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff70f010000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Has exited:true

                              General

                              Target ID:30
                              Start time:03:01:35
                              Start date:21/11/2024
                              Path:C:\ProgramData\Remcos\remcos.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\ProgramData\Remcos\remcos.exe"
                              Imagebase:0x770000
                              File size:929'792 bytes
                              MD5 hash:1CB86400147C835AF58017F0474C5BCC
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001E.00000002.1706489344.0000000000F97000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:10.8%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:170
                                Total number of Limit Nodes:7
                                execution_graph 29753 7755410 29754 775559b 29753->29754 29755 7755436 29753->29755 29755->29754 29758 7755690 PostMessageW 29755->29758 29760 7755689 29755->29760 29759 77556fc 29758->29759 29759->29755 29761 7755690 PostMessageW 29760->29761 29762 77556fc 29761->29762 29762->29755 29724 2ee4668 29725 2ee467a 29724->29725 29726 2ee4686 29725->29726 29728 2ee4779 29725->29728 29729 2ee479d 29728->29729 29733 2ee4888 29729->29733 29737 2ee4879 29729->29737 29735 2ee48af 29733->29735 29734 2ee498c 29735->29734 29741 2ee44b4 29735->29741 29739 2ee48af 29737->29739 29738 2ee498c 29738->29738 29739->29738 29740 2ee44b4 CreateActCtxA 29739->29740 29740->29738 29742 2ee5918 CreateActCtxA 29741->29742 29744 2ee59cf 29742->29744 29773 775188c 29774 7751896 29773->29774 29776 775196f 29773->29776 29775 775199d 29776->29775 29780 77542be 29776->29780 29797 7754248 29776->29797 29813 7754258 29776->29813 29781 775424c 29780->29781 29783 77542c1 29780->29783 29782 775427a 29781->29782 29829 7754ba2 29781->29829 29834 7754ea4 29781->29834 29839 7754a1b 29781->29839 29844 7754e3f 29781->29844 29849 77548df 29781->29849 29854 77548fd 29781->29854 29862 7754a33 29781->29862 29867 7754b33 29781->29867 29872 7754854 29781->29872 29877 7754689 29781->29877 29882 7754faf 29781->29882 29886 7754a4c 29781->29886 29891 77547cd 29781->29891 29782->29775 29783->29775 29798 775424c 29797->29798 29799 775427a 29798->29799 29800 7754854 2 API calls 29798->29800 29801 7754b33 2 API calls 29798->29801 29802 7754a33 2 API calls 29798->29802 29803 77548fd 4 API calls 29798->29803 29804 77548df 2 API calls 29798->29804 29805 7754e3f 2 API calls 29798->29805 29806 7754a1b 2 API calls 29798->29806 29807 7754ea4 2 API calls 29798->29807 29808 7754ba2 2 API calls 29798->29808 29809 77547cd 2 API calls 29798->29809 29810 7754a4c 2 API calls 29798->29810 29811 7754faf 2 API calls 29798->29811 29812 7754689 2 API calls 29798->29812 29799->29775 29800->29799 29801->29799 29802->29799 29803->29799 29804->29799 29805->29799 29806->29799 29807->29799 29808->29799 29809->29799 29810->29799 29811->29799 29812->29799 29814 7754272 29813->29814 29815 775427a 29814->29815 29816 7754854 2 API calls 29814->29816 29817 7754b33 2 API calls 29814->29817 29818 7754a33 2 API calls 29814->29818 29819 77548fd 4 API calls 29814->29819 29820 77548df 2 API calls 29814->29820 29821 7754e3f 2 API calls 29814->29821 29822 7754a1b 2 API calls 29814->29822 29823 7754ea4 2 API calls 29814->29823 29824 7754ba2 2 API calls 29814->29824 29825 77547cd 2 API calls 29814->29825 29826 7754a4c 2 API calls 29814->29826 29827 7754faf 2 API calls 29814->29827 29828 7754689 2 API calls 29814->29828 29815->29775 29816->29815 29817->29815 29818->29815 29819->29815 29820->29815 29821->29815 29822->29815 29823->29815 29824->29815 29825->29815 29826->29815 29827->29815 29828->29815 29830 7754ba8 29829->29830 29895 7751190 29830->29895 29899 7751198 29830->29899 29831 7754be1 29835 77548f6 29834->29835 29903 7750b10 29835->29903 29907 7750b18 29835->29907 29836 7755067 29840 7754f14 29839->29840 29911 77510d1 29840->29911 29915 77510d8 29840->29915 29841 7754f32 29845 7754e45 29844->29845 29919 7751280 29845->29919 29923 7751288 29845->29923 29846 7754e68 29850 77548e5 29849->29850 29852 7750b10 ResumeThread 29850->29852 29853 7750b18 ResumeThread 29850->29853 29851 7755067 29852->29851 29853->29851 29855 775490a 29854->29855 29856 77549a1 29854->29856 29927 7750bc0 29855->29927 29931 7750bc8 29855->29931 29860 7750b10 ResumeThread 29856->29860 29861 7750b18 ResumeThread 29856->29861 29857 7755067 29860->29857 29861->29857 29863 7754e46 29862->29863 29864 7754e68 29863->29864 29865 7751280 ReadProcessMemory 29863->29865 29866 7751288 ReadProcessMemory 29863->29866 29865->29864 29866->29864 29868 7754b3c 29867->29868 29870 7751190 WriteProcessMemory 29868->29870 29871 7751198 WriteProcessMemory 29868->29871 29869 7754be1 29870->29869 29871->29869 29873 7754bc0 29872->29873 29875 7751190 WriteProcessMemory 29873->29875 29876 7751198 WriteProcessMemory 29873->29876 29874 7754be1 29875->29874 29876->29874 29878 7754699 29877->29878 29935 7751415 29878->29935 29939 7751420 29878->29939 29884 7751190 WriteProcessMemory 29882->29884 29885 7751198 WriteProcessMemory 29882->29885 29883 7754fe2 29884->29883 29885->29883 29887 7754c9e 29886->29887 29889 7750bc0 Wow64SetThreadContext 29887->29889 29890 7750bc8 Wow64SetThreadContext 29887->29890 29888 77547b5 29889->29888 29890->29888 29893 7751190 WriteProcessMemory 29891->29893 29894 7751198 WriteProcessMemory 29891->29894 29892 77547a9 29893->29892 29894->29892 29896 7751198 WriteProcessMemory 29895->29896 29898 7751237 29896->29898 29898->29831 29900 77511e0 WriteProcessMemory 29899->29900 29902 7751237 29900->29902 29902->29831 29904 7750b18 ResumeThread 29903->29904 29906 7750b89 29904->29906 29906->29836 29908 7750b58 ResumeThread 29907->29908 29910 7750b89 29908->29910 29910->29836 29912 77510d8 VirtualAllocEx 29911->29912 29914 7751155 29912->29914 29914->29841 29916 7751118 VirtualAllocEx 29915->29916 29918 7751155 29916->29918 29918->29841 29920 7751288 ReadProcessMemory 29919->29920 29922 7751317 29920->29922 29922->29846 29924 77512d3 ReadProcessMemory 29923->29924 29926 7751317 29924->29926 29926->29846 29928 7750bc8 Wow64SetThreadContext 29927->29928 29930 7750c55 29928->29930 29930->29856 29932 7750c0d Wow64SetThreadContext 29931->29932 29934 7750c55 29932->29934 29934->29856 29936 7751420 CreateProcessA 29935->29936 29938 775166b 29936->29938 29940 77514a9 CreateProcessA 29939->29940 29942 775166b 29940->29942 29745 2eeac70 29748 2eead68 29745->29748 29746 2eeac7f 29749 2eead9c 29748->29749 29750 2eead79 29748->29750 29749->29746 29750->29749 29751 2eeafa0 GetModuleHandleW 29750->29751 29752 2eeafcd 29751->29752 29752->29746 29763 2eed000 29764 2eed046 GetCurrentProcess 29763->29764 29766 2eed098 GetCurrentThread 29764->29766 29767 2eed091 29764->29767 29768 2eed0ce 29766->29768 29769 2eed0d5 GetCurrentProcess 29766->29769 29767->29766 29768->29769 29772 2eed10b 29769->29772 29770 2eed133 GetCurrentThreadId 29771 2eed164 29770->29771 29772->29770 29943 2eed650 DuplicateHandle 29944 2eed6e6 29943->29944

                                Executed Functions

                                Function 075D34B8 Relevance: 3.1, Strings: 2, Instructions: 562COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 44 75d34b8-75d34e0 45 75d34e7-75d35a3 44->45 46 75d34e2 44->46 49 75d35a8-75d35b5 45->49 50 75d35a5-75d35cb 45->50 46->45 49->50 52 75d3abb-75d3afd 50->52 53 75d35d1-75d35fb 50->53 61 75d3b00-75d3b04 52->61 56 75d3cc8-75d3cd4 53->56 57 75d3601-75d3619 53->57 60 75d3cda-75d3ce3 56->60 59 75d361f-75d3620 57->59 57->60 62 75d3cae-75d3cba 59->62 65 75d3ce9-75d3cf5 60->65 66 75d3b0a-75d3b10 61->66 67 75d36d6-75d36da 61->67 63 75d3625-75d3631 62->63 64 75d3cc0-75d3cc7 62->64 71 75d3638-75d3653 63->71 72 75d3633 63->72 74 75d3cfb-75d3d07 65->74 66->52 68 75d3b12-75d3b6d 66->68 69 75d36ec-75d36f2 67->69 70 75d36dc-75d36ea 67->70 93 75d3b6f-75d3ba2 68->93 94 75d3ba4-75d3bce 68->94 76 75d3737-75d373b 69->76 75 75d374a-75d377c 70->75 71->65 73 75d3659-75d367e 71->73 72->71 73->74 88 75d3684-75d3686 73->88 83 75d3d0d-75d3d14 74->83 98 75d377e-75d378a 75->98 99 75d37a6 75->99 77 75d373d 76->77 78 75d36f4-75d3700 76->78 84 75d3740-75d3744 77->84 80 75d3707-75d370f 78->80 81 75d3702 78->81 86 75d3734 80->86 87 75d3711-75d3725 80->87 81->80 84->75 89 75d36bc-75d36d3 84->89 86->76 91 75d3689-75d3694 87->91 92 75d372b-75d3732 87->92 88->91 89->67 91->83 96 75d369a-75d36b7 91->96 92->77 106 75d3bd7-75d3c56 93->106 94->106 96->84 103 75d378c-75d3792 98->103 104 75d3794-75d379a 98->104 101 75d37ac-75d37d9 99->101 111 75d3828-75d38bb 101->111 112 75d37db-75d3813 101->112 105 75d37a4 103->105 104->105 105->101 119 75d3c5d-75d3c70 106->119 127 75d38bd 111->127 128 75d38c4-75d38c5 111->128 120 75d3c7f-75d3c84 112->120 119->120 122 75d3c9b-75d3cab 120->122 123 75d3c86-75d3c94 120->123 122->62 123->122 127->128 129 75d3916-75d391c 128->129 130 75d391e-75d39e0 129->130 131 75d38c7-75d38e6 129->131 142 75d3a21-75d3a25 130->142 143 75d39e2-75d3a1b 130->143 132 75d38ed-75d3913 131->132 133 75d38e8 131->133 132->129 133->132 144 75d3a27-75d3a60 142->144 145 75d3a66-75d3a6a 142->145 143->142 144->145 147 75d3a6c-75d3aa5 145->147 148 75d3aab-75d3aaf 145->148 147->148 148->68 150 75d3ab1-75d3ab9 148->150 150->61
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: :$~
                                • API String ID: 0-2431124681
                                • Opcode ID: 6eb3f4dd49dff1f91291cd0c86b63c3f22f2eb5762ba4939f23242e3ff04354e
                                • Instruction ID: 6d1b2fb388d86f306c649c6a4dbeb12993cbb713955d5768bf6e862d2634a1bd
                                • Opcode Fuzzy Hash: 6eb3f4dd49dff1f91291cd0c86b63c3f22f2eb5762ba4939f23242e3ff04354e
                                • Instruction Fuzzy Hash: 1E42D0B5A00218DFDB25CFA9C980B99BBB2FF49300F1584E9E509AB261D731ED91DF11
                                Function 075D2106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 152 75d2106-75d210a 153 75d2acd-75d2add 152->153 154 75d210b-75d2120 152->154 154->153 155 75d2121-75d212c 154->155 157 75d2132-75d213e 155->157 158 75d214a-75d2159 157->158 160 75d21b8-75d21bc 158->160 161 75d2264-75d22ce 160->161 162 75d21c2-75d21cb 160->162 161->153 200 75d22d4-75d281b 161->200 163 75d20c6-75d20d2 162->163 164 75d21d1-75d21e7 162->164 163->153 166 75d20d8-75d20e4 163->166 170 75d2239-75d224b 164->170 171 75d21e9-75d21ec 164->171 168 75d215b-75d2161 166->168 169 75d20e6-75d20fa 166->169 168->153 172 75d2167-75d217f 168->172 169->168 178 75d20fc-75d2105 169->178 180 75d2a0c-75d2ac2 170->180 181 75d2251-75d2261 170->181 171->153 174 75d21f2-75d222f 171->174 172->153 183 75d2185-75d21ad 172->183 174->161 197 75d2231-75d2237 174->197 178->152 180->153 183->160 197->170 197->171 278 75d281d-75d2827 200->278 279 75d2832-75d28c5 200->279 280 75d282d 278->280 281 75d28d0-75d2963 278->281 279->281 282 75d296e-75d2a01 280->282 281->282 282->180
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: D
                                • API String ID: 0-2746444292
                                • Opcode ID: 48e17188cab8229eeb70ec4f1a6f722d564e6480d16471d3c6301576f74e4882
                                • Instruction ID: c37b1fdd0df4f1dce7dd33b8021feb073d5fee0c6b31eed318d27b67e7f5bb5f
                                • Opcode Fuzzy Hash: 48e17188cab8229eeb70ec4f1a6f722d564e6480d16471d3c6301576f74e4882
                                • Instruction Fuzzy Hash: ED52B574A002299FDB64DF64D998B9DB7B6FF89300F1081D9D50AA73A0DB34AE81CF51
                                Function 077563E8 Relevance: .4, Instructions: 401COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b765e6794235fbe52fc322d61fb2fe52034878cf37ac8a98bef0c417323152ac
                                • Instruction ID: 3c018aeaf21dc393691e8ef245c955d1617f7d2a48280c202c42265b83b6919b
                                • Opcode Fuzzy Hash: b765e6794235fbe52fc322d61fb2fe52034878cf37ac8a98bef0c417323152ac
                                • Instruction Fuzzy Hash: 4BE1BAB07003058FEB25DB69C450BAEB7FBAF89B40F54886DE546DB290DB75E801CB51
                                Function 075DA3D8 Relevance: .2, Instructions: 174COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f0cad66489db65635d74e074ccac33ac28da76968995d963f75dd75bff6e4fa4
                                • Instruction ID: f0a5ddc5f76ed042467f9a47099603ff1eccb5368a9cdc2dafdbb1cc8f096316
                                • Opcode Fuzzy Hash: f0cad66489db65635d74e074ccac33ac28da76968995d963f75dd75bff6e4fa4
                                • Instruction Fuzzy Hash: 11516DB5D08219CFEB28CFAAD8417EFBBB6BB8A300F04D5A5C419A6255DB344D42CF51
                                Function 07754C0E Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0bc91dbd4c2e19e9464448b4a0444d318df26a998415858b7a1a7f14320ba25e
                                • Instruction ID: 9787bdaa32447d8acbe64f7a5cc81cd1ec22676de59ea8fafdd9ce0adcef583d
                                • Opcode Fuzzy Hash: 0bc91dbd4c2e19e9464448b4a0444d318df26a998415858b7a1a7f14320ba25e
                                • Instruction Fuzzy Hash: 28A002D0CAF148C2D0411F1100386B8C57E471B0CAD8A39084C0A3700204C0C150401D
                                Function 02EECFF1 Relevance: 6.1, APIs: 4, Instructions: 130threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 02EED07E
                                • GetCurrentThread.KERNEL32 ref: 02EED0BB
                                • GetCurrentProcess.KERNEL32 ref: 02EED0F8
                                • GetCurrentThreadId.KERNEL32 ref: 02EED151
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID:
                                • API String ID: 2063062207-0
                                • Opcode ID: ef6f3845cb6406aa279eab18fb63c049ebe2c2bbf35a7767d553a24aab72bac1
                                • Instruction ID: 96a046624076cb9892d28e6ba4c39408ca50883def05954ef10abb9366ee27fd
                                • Opcode Fuzzy Hash: ef6f3845cb6406aa279eab18fb63c049ebe2c2bbf35a7767d553a24aab72bac1
                                • Instruction Fuzzy Hash: 825176B09007098FDB04CFA9D948BDEBBF1EF48314F24C49AE409A73A0DB749944CB65
                                Function 02EED000 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 02EED07E
                                • GetCurrentThread.KERNEL32 ref: 02EED0BB
                                • GetCurrentProcess.KERNEL32 ref: 02EED0F8
                                • GetCurrentThreadId.KERNEL32 ref: 02EED151
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID:
                                • API String ID: 2063062207-0
                                • Opcode ID: e019b72e9e693c271da63b5948fe1638384fdbf5f6ea4cb7619eb5dbc650bb11
                                • Instruction ID: 8a3f360b55a3bb1e6f25c7bf61e3eb773e76a574cf566bd6dbd0cc28b6636540
                                • Opcode Fuzzy Hash: e019b72e9e693c271da63b5948fe1638384fdbf5f6ea4cb7619eb5dbc650bb11
                                • Instruction Fuzzy Hash: 425164B09007098FDB14CFAAD948BDEBBF5EF88314F24C45AE409A73A0DB749944CB65
                                Function 07751415 Relevance: 1.7, APIs: 1, Instructions: 248processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 307 7751415-77514b5 310 77514b7-77514c1 307->310 311 77514ee-775150e 307->311 310->311 312 77514c3-77514c5 310->312 316 7751547-7751576 311->316 317 7751510-775151a 311->317 314 77514c7-77514d1 312->314 315 77514e8-77514eb 312->315 318 77514d5-77514e4 314->318 319 77514d3 314->319 315->311 327 77515af-7751669 CreateProcessA 316->327 328 7751578-7751582 316->328 317->316 320 775151c-775151e 317->320 318->318 321 77514e6 318->321 319->318 322 7751541-7751544 320->322 323 7751520-775152a 320->323 321->315 322->316 325 775152c 323->325 326 775152e-775153d 323->326 325->326 326->326 329 775153f 326->329 339 7751672-77516f8 327->339 340 775166b-7751671 327->340 328->327 330 7751584-7751586 328->330 329->322 332 77515a9-77515ac 330->332 333 7751588-7751592 330->333 332->327 334 7751594 333->334 335 7751596-77515a5 333->335 334->335 335->335 336 77515a7 335->336 336->332 350 7751708-775170c 339->350 351 77516fa-77516fe 339->351 340->339 353 775171c-7751720 350->353 354 775170e-7751712 350->354 351->350 352 7751700 351->352 352->350 355 7751730-7751734 353->355 356 7751722-7751726 353->356 354->353 357 7751714 354->357 359 7751746-775174d 355->359 360 7751736-775173c 355->360 356->355 358 7751728 356->358 357->353 358->355 361 7751764 359->361 362 775174f-775175e 359->362 360->359 364 7751765 361->364 362->361 364->364
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07751656
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: b82af49d3391f771db861a0c542808c70b4e912c20a7a586c26cf351848fde46
                                • Instruction ID: d6fc193bcc1b65a72715bf1d7acd6237210f9507907bd5300c3893c07a9a66f7
                                • Opcode Fuzzy Hash: b82af49d3391f771db861a0c542808c70b4e912c20a7a586c26cf351848fde46
                                • Instruction Fuzzy Hash: 78A14CB1D0035ECFEB20CF68C8417EEBBB2BB44351F548569E809A7240DBB59985CF91
                                Function 07751420 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 365 7751420-77514b5 367 77514b7-77514c1 365->367 368 77514ee-775150e 365->368 367->368 369 77514c3-77514c5 367->369 373 7751547-7751576 368->373 374 7751510-775151a 368->374 371 77514c7-77514d1 369->371 372 77514e8-77514eb 369->372 375 77514d5-77514e4 371->375 376 77514d3 371->376 372->368 384 77515af-7751669 CreateProcessA 373->384 385 7751578-7751582 373->385 374->373 377 775151c-775151e 374->377 375->375 378 77514e6 375->378 376->375 379 7751541-7751544 377->379 380 7751520-775152a 377->380 378->372 379->373 382 775152c 380->382 383 775152e-775153d 380->383 382->383 383->383 386 775153f 383->386 396 7751672-77516f8 384->396 397 775166b-7751671 384->397 385->384 387 7751584-7751586 385->387 386->379 389 77515a9-77515ac 387->389 390 7751588-7751592 387->390 389->384 391 7751594 390->391 392 7751596-77515a5 390->392 391->392 392->392 393 77515a7 392->393 393->389 407 7751708-775170c 396->407 408 77516fa-77516fe 396->408 397->396 410 775171c-7751720 407->410 411 775170e-7751712 407->411 408->407 409 7751700 408->409 409->407 412 7751730-7751734 410->412 413 7751722-7751726 410->413 411->410 414 7751714 411->414 416 7751746-775174d 412->416 417 7751736-775173c 412->417 413->412 415 7751728 413->415 414->410 415->412 418 7751764 416->418 419 775174f-775175e 416->419 417->416 421 7751765 418->421 419->418 421->421
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07751656
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 61d37b2738525c113fad0944b2e51e7166f6abcfabb8117ac7b95ba8a93e5aee
                                • Instruction ID: cd4a38936e0ff2d0fca4ac1a63609ce1e50b71624cc30bea1f8dee910745ceb5
                                • Opcode Fuzzy Hash: 61d37b2738525c113fad0944b2e51e7166f6abcfabb8117ac7b95ba8a93e5aee
                                • Instruction Fuzzy Hash: AD914CB1D0035ECFEB10CF68C8407DEBBB2BB44351F548569E809A7240DBB59985CF91
                                Function 02EEAD68 Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 422 2eead68-2eead77 423 2eead79-2eead86 call 2eea08c 422->423 424 2eeada3-2eeada7 422->424 429 2eead9c 423->429 430 2eead88 423->430 425 2eeadbb-2eeadfc 424->425 426 2eeada9-2eeadb3 424->426 433 2eeadfe-2eeae06 425->433 434 2eeae09-2eeae17 425->434 426->425 429->424 477 2eead8e call 2eeaff0 430->477 478 2eead8e call 2eeb000 430->478 433->434 436 2eeae3b-2eeae3d 434->436 437 2eeae19-2eeae1e 434->437 435 2eead94-2eead96 435->429 440 2eeaed8-2eeaf98 435->440 441 2eeae40-2eeae47 436->441 438 2eeae29 437->438 439 2eeae20-2eeae27 call 2eea098 437->439 443 2eeae2b-2eeae39 438->443 439->443 472 2eeaf9a-2eeaf9d 440->472 473 2eeafa0-2eeafcb GetModuleHandleW 440->473 444 2eeae49-2eeae51 441->444 445 2eeae54-2eeae5b 441->445 443->441 444->445 447 2eeae5d-2eeae65 445->447 448 2eeae68-2eeae71 call 2eea0a8 445->448 447->448 453 2eeae7e-2eeae83 448->453 454 2eeae73-2eeae7b 448->454 456 2eeae85-2eeae8c 453->456 457 2eeaea1-2eeaea5 453->457 454->453 456->457 458 2eeae8e-2eeae9e call 2eea0b8 call 2eea0c8 456->458 461 2eeaeab-2eeaeae 457->461 458->457 463 2eeaeb0-2eeaece 461->463 464 2eeaed1-2eeaed7 461->464 463->464 472->473 474 2eeafcd-2eeafd3 473->474 475 2eeafd4-2eeafe8 473->475 474->475 477->435 478->435
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02EEAFBE
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: 07c9e36b1c8879b26a55330919442ad206432fa88da5ed0fe93f60080a3ef130
                                • Instruction ID: ffe15e57310f4a514de25c6adf9fa22733e84c18f4630cb26107b9c0e6bbb4a2
                                • Opcode Fuzzy Hash: 07c9e36b1c8879b26a55330919442ad206432fa88da5ed0fe93f60080a3ef130
                                • Instruction Fuzzy Hash: FB71F370A00B058FDB24DF6AD54479ABBF2FF88308F10892DD48A97B50D779E849CB91
                                Function 02EE44B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 479 2ee44b4-2ee59d9 CreateActCtxA 482 2ee59db-2ee59e1 479->482 483 2ee59e2-2ee5a3c 479->483 482->483 490 2ee5a3e-2ee5a41 483->490 491 2ee5a4b-2ee5a4f 483->491 490->491 492 2ee5a60-2ee5a90 491->492 493 2ee5a51-2ee5a5d 491->493 497 2ee5a42-2ee5a4a 492->497 498 2ee5a92-2ee5b14 492->498 493->492 497->491 501 2ee59cf-2ee59d9 497->501 501->482 501->483
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 02EE59C9
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 5df413cbf6a18836b69563073c15fcc6ee79dcd3308f1d1c5a6a111a867b3652
                                • Instruction ID: 631cb035cda15b30f1ccc5439a9270b277997ff2d3c3040651a02ca833e8cbed
                                • Opcode Fuzzy Hash: 5df413cbf6a18836b69563073c15fcc6ee79dcd3308f1d1c5a6a111a867b3652
                                • Instruction Fuzzy Hash: 4741AF70C0072DCBDF24DFA9C8847DEBBB6AF49708F60846AD409AB251DB756945CF50
                                Function 02EE590C Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 502 2ee590c-2ee59d9 CreateActCtxA 504 2ee59db-2ee59e1 502->504 505 2ee59e2-2ee5a3c 502->505 504->505 512 2ee5a3e-2ee5a41 505->512 513 2ee5a4b-2ee5a4f 505->513 512->513 514 2ee5a60-2ee5a90 513->514 515 2ee5a51-2ee5a5d 513->515 519 2ee5a42-2ee5a4a 514->519 520 2ee5a92-2ee5b14 514->520 515->514 519->513 523 2ee59cf-2ee59d9 519->523 523->504 523->505
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 02EE59C9
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 0387716d2a2e57cd4e1e25d2ecd56a3af9bb7cb1ef8493d01acf81df8745e453
                                • Instruction ID: 6465c37234c66b1bde95f4a7c7f1d63d583f58eacb65b86f83da10bbd33ce89f
                                • Opcode Fuzzy Hash: 0387716d2a2e57cd4e1e25d2ecd56a3af9bb7cb1ef8493d01acf81df8745e453
                                • Instruction Fuzzy Hash: 9341C0B0C00719CBDF15CFA9C8847CEBBB1BF49708F60845AD409AB251DB756946CF50
                                Function 07751190 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 524 7751190-77511e6 527 77511f6-7751235 WriteProcessMemory 524->527 528 77511e8-77511f4 524->528 530 7751237-775123d 527->530 531 775123e-775126e 527->531 528->527 530->531
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07751228
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 18bd44bf476bb732c671b54f0c49611c653ec785d8a7ba44574c53599944021d
                                • Instruction ID: c0b6023123152bf807d5551200240e18e0584ce8a865800c7e87ccc513311347
                                • Opcode Fuzzy Hash: 18bd44bf476bb732c671b54f0c49611c653ec785d8a7ba44574c53599944021d
                                • Instruction Fuzzy Hash: 662159B590030D9FDB00CFA9D8857EEBBF4FF48310F50882AE918A7240D7799541CBA0
                                Function 07750BC0 Relevance: 1.6, APIs: 1, Instructions: 69threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 535 7750bc0-7750c13 538 7750c15-7750c21 535->538 539 7750c23-7750c53 Wow64SetThreadContext 535->539 538->539 541 7750c55-7750c5b 539->541 542 7750c5c-7750c8c 539->542 541->542
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07750C46
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: 7cb351b9b53cd7ca1a91703d8d7cf50c329a2651e9984e24ee1c75c126c90f8d
                                • Instruction ID: 554274ba02745bc2b2e76269ef7413618580983d33564bf92bd5ac98c122d0d8
                                • Opcode Fuzzy Hash: 7cb351b9b53cd7ca1a91703d8d7cf50c329a2651e9984e24ee1c75c126c90f8d
                                • Instruction Fuzzy Hash: F0217CB6D003098FDB10DFAAD4857EEBBF4EF49320F14842AD558A7240C7789A45CFA0
                                Function 07751280 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 556 7751280-7751315 ReadProcessMemory 560 7751317-775131d 556->560 561 775131e-775134e 556->561 560->561
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07751308
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 5231e3566118c55f3160e3fa479b615303696ff2e3a5f304a5f1d0b0ed9718d8
                                • Instruction ID: 9ddd052d0134b9d85e595bdd4520d655af10c758c5162b3fe0779adef55194cc
                                • Opcode Fuzzy Hash: 5231e3566118c55f3160e3fa479b615303696ff2e3a5f304a5f1d0b0ed9718d8
                                • Instruction Fuzzy Hash: 5F214CB18003199FDB10CFAAD8807DEBBF5FF48310F54842AE519A7240C7799545CBA0
                                Function 07751198 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 546 7751198-77511e6 548 77511f6-7751235 WriteProcessMemory 546->548 549 77511e8-77511f4 546->549 551 7751237-775123d 548->551 552 775123e-775126e 548->552 549->548 551->552
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07751228
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: d3fc5aacdae83a741558e6f88d00524ca55f534ffdabd3f3a223b7854f274ea9
                                • Instruction ID: 3367e72fdf4726696ba22639d2587193ed1ae1ce583b520b5a945ffca764e216
                                • Opcode Fuzzy Hash: d3fc5aacdae83a741558e6f88d00524ca55f534ffdabd3f3a223b7854f274ea9
                                • Instruction Fuzzy Hash: DC2126B590035D9FDB10CFAAC885BDEBBF5FF48310F54882AE918A7240D7799944CBA4
                                Function 02EED648 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 565 2eed648-2eed6e4 DuplicateHandle 566 2eed6ed-2eed70a 565->566 567 2eed6e6-2eed6ec 565->567 567->566
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02EED6D7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: a51b907063469278bd69e32f1da31b1d9f15bee9da6458d2216b8469fcd165fc
                                • Instruction ID: 702209329396c3b4a0ecccc96c89227d839001e06f1c7be94904fd55b663995d
                                • Opcode Fuzzy Hash: a51b907063469278bd69e32f1da31b1d9f15bee9da6458d2216b8469fcd165fc
                                • Instruction Fuzzy Hash: B821E4B5900209DFDB10CF9AD985BDEBBF8FB48314F14841AE918A3350D378A940CF64
                                Function 07750BC8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 570 7750bc8-7750c13 572 7750c15-7750c21 570->572 573 7750c23-7750c53 Wow64SetThreadContext 570->573 572->573 575 7750c55-7750c5b 573->575 576 7750c5c-7750c8c 573->576 575->576
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07750C46
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: 3590720a3dd58dbbc6122caa20c524a685de84c13badcc7e9d0a3653d4500b98
                                • Instruction ID: acd701e6fd685439e57d91a09fbbfea3272f38c3f66a3841d74a64f3a2cc8e76
                                • Opcode Fuzzy Hash: 3590720a3dd58dbbc6122caa20c524a685de84c13badcc7e9d0a3653d4500b98
                                • Instruction Fuzzy Hash: 422158B1D003098FDB10DFAAC4857EEBBF4EF49310F14842AD959A7240C7B99945CFA4
                                Function 07751288 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07751308
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: d7d4310ff3f5fb7e9c4322d9358e2a1ef183a73c3c6e3cf514f3635c2a2460e4
                                • Instruction ID: bd5fafdee39600839efff4f8ad8c687b9942fc19105abdd1e6c765ca0f8edbc7
                                • Opcode Fuzzy Hash: d7d4310ff3f5fb7e9c4322d9358e2a1ef183a73c3c6e3cf514f3635c2a2460e4
                                • Instruction Fuzzy Hash: 982128B18003599FDB10CFAAC880BEEBBF5FF48310F54842AE918A7240C7799544CBA4
                                Function 02EED650 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02EED6D7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 2bf33f326b5ff5e252f650ec5a125e36ae295e0cf27dbbfaf6ae00f3242b9d53
                                • Instruction ID: 3b9c0b548a8b0881571696ddc8b370e125e9007221dbc3d959e6a74d4fd7c284
                                • Opcode Fuzzy Hash: 2bf33f326b5ff5e252f650ec5a125e36ae295e0cf27dbbfaf6ae00f3242b9d53
                                • Instruction Fuzzy Hash: 8F21F3B5900209DFDB10CFAAD984ADEFBF8FB48310F14841AE918A3350D379A940CFA4
                                Function 077510D1 Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07751146
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 1fbd9346d6a51fc52cbb80626ec5cd314fd3ae7c114e7b128dd1e144c762c0eb
                                • Instruction ID: 452e46514597bf4581eb6af28b82608dab95585ffc9c006e14bc4aa9c23152b7
                                • Opcode Fuzzy Hash: 1fbd9346d6a51fc52cbb80626ec5cd314fd3ae7c114e7b128dd1e144c762c0eb
                                • Instruction Fuzzy Hash: 8F1147768002499BDB10DFAAD844BDEBBF5EF48320F14882AE519A7250C7799540CFA0
                                Function 075D4FDF Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 84657e5f4aa88ceac878653988e8ea0e6b5ab1da7fa2be70bf6e0a5750b0fbf1
                                • Instruction ID: 5c9c696b80eafd773a378e746d9d25f189adbe42bb20de9c98a4f877f18e5ed8
                                • Opcode Fuzzy Hash: 84657e5f4aa88ceac878653988e8ea0e6b5ab1da7fa2be70bf6e0a5750b0fbf1
                                • Instruction Fuzzy Hash: 61E17FB4E002198FDB60CFA9C980B9DBBF2FB49210F1485AAD818E7345E7359D96CF51
                                Function 07750B10 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: 63052d921360bccd61de21cad0d2be883c0d65ab2be909dd1d6d3ecb7da73100
                                • Instruction ID: cfcdafcabcc3ce5e01ddfc8c04f61ab0416de3e83c667deec1748094613b9adc
                                • Opcode Fuzzy Hash: 63052d921360bccd61de21cad0d2be883c0d65ab2be909dd1d6d3ecb7da73100
                                • Instruction Fuzzy Hash: D6118EB58003498FDB10CFAAC4457DEFBF4EF49320F248419D419A7240C7799540CBA4
                                Function 077510D8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07751146
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: bacddddc447ee3baf5c984da7b3158e3d5ea5dbe95bb22e46c2a479ddc5efa0c
                                • Instruction ID: 264f15ce7360345d851bd7ddae030400c8ce6808fd4ff0097bfe1beae87cbadc
                                • Opcode Fuzzy Hash: bacddddc447ee3baf5c984da7b3158e3d5ea5dbe95bb22e46c2a479ddc5efa0c
                                • Instruction Fuzzy Hash: 9D1137768003499FDB10DFAAC844BDFBBF5EF48310F148829E519A7250C77A9540CFA0
                                Function 07755689 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 077556ED
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 303164bb3de0e0c41f5819105cf84529bc831dc1a00d7143d144f459b73230af
                                • Instruction ID: 5f1ec0909e9ed0ba13f281d337265f79051999da2f6955f9b1ce01c982cbb114
                                • Opcode Fuzzy Hash: 303164bb3de0e0c41f5819105cf84529bc831dc1a00d7143d144f459b73230af
                                • Instruction Fuzzy Hash: E111F5B58003599FDB10DF9AD885BDEFBF8FB48324F10881AE554A7600C379A594CFA5
                                Function 07750B18 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: c0e4aebd553382af3e07c4fb4e80faf255f21c7da2a4cd1b0a4ab4c21bfea841
                                • Instruction ID: cca2be4708ec2082b48674429a35f921f8663611c8275c2f5d7d05c74cb97b30
                                • Opcode Fuzzy Hash: c0e4aebd553382af3e07c4fb4e80faf255f21c7da2a4cd1b0a4ab4c21bfea841
                                • Instruction Fuzzy Hash: 43113AB1D003498FDB10DFAAC4457DEFBF4EF49314F248829D519A7240C779A544CB94
                                Function 02EEAF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02EEAFBE
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: e29198a11ca071b5a4dca5da076401cb762a2cdba4f7d64506d4af7b608c5214
                                • Instruction ID: e93b5d9004fcb19c2817d279ec8b0f00fbf089dc57bd7b33724821d345ba79e9
                                • Opcode Fuzzy Hash: e29198a11ca071b5a4dca5da076401cb762a2cdba4f7d64506d4af7b608c5214
                                • Instruction Fuzzy Hash: AF1110B6C002498FDB10CF9AD444BDEFBF4AB88318F11842AD419A7700C379A545CFA5
                                Function 07755690 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 077556ED
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 73aeb8dec85e1035c109ad349f4a377972ddf62220d92b1e23ff7c9e2ac34591
                                • Instruction ID: 21418b05612bd23414fbf50b3c32635a38e8e6424b884a4c602f2ddadeef0c09
                                • Opcode Fuzzy Hash: 73aeb8dec85e1035c109ad349f4a377972ddf62220d92b1e23ff7c9e2ac34591
                                • Instruction Fuzzy Hash: 1C11D3B58003499FDB10DF9AD885BDEFBF8EB48310F10881AD958A7250D379A554CFA5
                                Function 075D7450 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: m
                                • API String ID: 0-3775001192
                                • Opcode ID: e8c1defdb7930934ee1c252e5ebc9306f791aa719d27032f2d924dec04581d23
                                • Instruction ID: a2fb6d1abe0a9e4286fe894c53bab8218c720914b0509904f820315b72960ea2
                                • Opcode Fuzzy Hash: e8c1defdb7930934ee1c252e5ebc9306f791aa719d27032f2d924dec04581d23
                                • Instruction Fuzzy Hash: D1E08CB0D05209DBCB25EBA894087ED7AB8EB0A301F000999C40553240D7310E448AA2
                                Function 075D3348 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: 6
                                • API String ID: 0-498629140
                                • Opcode ID: 14d03d112a02694c656f84ebbdf77f71d747d0d85d731a05a740674feb28dcc0
                                • Instruction ID: f57f5153000141574f764ebe771147cf6767deddcb35d81f3a2bb06cc0c8e727
                                • Opcode Fuzzy Hash: 14d03d112a02694c656f84ebbdf77f71d747d0d85d731a05a740674feb28dcc0
                                • Instruction Fuzzy Hash: 57E08CB080420CEBDB24DFA8D6096ADBFB8EB06201F10499AD40593240EBB14E42D642
                                Function 075D4038 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: 7
                                • API String ID: 0-1790921346
                                • Opcode ID: 5e48c36117a44e92bbeb45be3a93616920408b1639fe45c07a1a0f4ce3553fc8
                                • Instruction ID: cc8604a0d58a9d8b7ce19ffb44dc4730cbebe5b1a3f311201b5868e9bf199525
                                • Opcode Fuzzy Hash: 5e48c36117a44e92bbeb45be3a93616920408b1639fe45c07a1a0f4ce3553fc8
                                • Instruction Fuzzy Hash: 91E0C2B080524CDBCB20EFB8E4097ED77B8FB42200F400599C80A57240D7340E45C642
                                Function 075D8488 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID: YWU
                                • API String ID: 0-1926734533
                                • Opcode ID: 2c1fc4a609ce1d2a954304c9c742c8d603d003b7d72c07b727bdd0829d4d961c
                                • Instruction ID: e4b292f4f8fd46ce6dff81666380164ba03c30dadd69a4319b3c7842f18eec85
                                • Opcode Fuzzy Hash: 2c1fc4a609ce1d2a954304c9c742c8d603d003b7d72c07b727bdd0829d4d961c
                                • Instruction Fuzzy Hash: 0FD01232110109DE8B50FE99E840CD277DCBB587407008823E604CB120E621F824D791
                                Function 075D2C38 Relevance: .4, Instructions: 437COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 892195a66fd4c6db7a70fb96e3f6d93605a4bcf0ee34aff77e2f5c10bae4670e
                                • Instruction ID: 9b7e55d6dacc67516b8bdc34d37defe3a9d5ac0ac08dfaeb18607b167b6d5025
                                • Opcode Fuzzy Hash: 892195a66fd4c6db7a70fb96e3f6d93605a4bcf0ee34aff77e2f5c10bae4670e
                                • Instruction Fuzzy Hash: 38E19EB1B14216CFCB25DB7CD8586AE7BE6BF89611F14486AE406DB360DE70CC42CB91
                                Function 075D3D9E Relevance: .2, Instructions: 231COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ac9f95b994e03cfe8905ee985050ba31bdaa7994341c5d397513f77d7276b771
                                • Instruction ID: ae6812ee1a1f67dddd7575c292b7da9dcd398db70c819aa8ba89253dcb085e91
                                • Opcode Fuzzy Hash: ac9f95b994e03cfe8905ee985050ba31bdaa7994341c5d397513f77d7276b771
                                • Instruction Fuzzy Hash: B491B0B4E04209DFCB54DFA9C480AEDBBF2FB49310F20856AD819EB391D73599428F51
                                Function 075D6D37 Relevance: .2, Instructions: 193COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6f49edcf04f54e894be6e5d518f9c86052ef2cc7e3e99244997ebdda3b3680ce
                                • Instruction ID: 8304fc2dfc69398ea0ff16eae016985e349a97c2e564fa0e73a97c61080aa04c
                                • Opcode Fuzzy Hash: 6f49edcf04f54e894be6e5d518f9c86052ef2cc7e3e99244997ebdda3b3680ce
                                • Instruction Fuzzy Hash: 5E8192B4E0421A8FDF51CFA8D890AEEBBB1FF49244F10846AD809EB215D7319D46CF40
                                Function 075D80EA Relevance: .2, Instructions: 166COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ca2e8a557cd5a4440094eabe84f189871f6f2434d3fc9db3610b0a62dfa8ac77
                                • Instruction ID: 24613fb2a5a2451d80d992ab6fc806ddd396b444a0f4bd69160fbde74dcf2e1d
                                • Opcode Fuzzy Hash: ca2e8a557cd5a4440094eabe84f189871f6f2434d3fc9db3610b0a62dfa8ac77
                                • Instruction Fuzzy Hash: AE618CB4E042198FCB20DFA9C980AEDBBF1BB49300F2485AAD819E7305E735AD45CF50
                                Function 075D4894 Relevance: .2, Instructions: 162COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ce0e1efc63dfa3458c491e709f278fae6d69cb85a5ab97641d9862d024711ec8
                                • Instruction ID: 5d29619705b712703c27cf9055f341b43c0e1ff5b17d5f708ed323fc9db45944
                                • Opcode Fuzzy Hash: ce0e1efc63dfa3458c491e709f278fae6d69cb85a5ab97641d9862d024711ec8
                                • Instruction Fuzzy Hash: FA51CF70B042068FDB11DB79D8849AFBBF7FFC9220714856AE41ADB391EB309C0587A1
                                Function 075DAE30 Relevance: .1, Instructions: 134COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dea14291081e45cfa116d350a54fbc23ca7946f25c76e734f682afc93fd671a9
                                • Instruction ID: 4db89d1dc91885c846fd947a0f7c6beb81558e1a19f642eedf4b41a44163ad7d
                                • Opcode Fuzzy Hash: dea14291081e45cfa116d350a54fbc23ca7946f25c76e734f682afc93fd671a9
                                • Instruction Fuzzy Hash: 2551C6B4D15219CFDB14CFAAC8446EEBBB6BF89300F10D42AD415AB255DB345D46CB50
                                Function 075DC6D8 Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 83f0a2287186ae0de04d0821440699673108f5b66f69024bfdc49c19b9fae512
                                • Instruction ID: 2d75a843f65ec189c4f16fa1a5d35e9ddf32f02632175e4e1594d74cbf0ddcec
                                • Opcode Fuzzy Hash: 83f0a2287186ae0de04d0821440699673108f5b66f69024bfdc49c19b9fae512
                                • Instruction Fuzzy Hash: 2351E5B4D19209CFDB14CFA9C5849EDBBBABF4E301F149959D40AA7241D7349D82CFA0
                                Function 075D86E0 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f9d8b05d05f772c6dbbb683f0e485894255436a56f60f1213f2a100e7ff268bf
                                • Instruction ID: 1c157b639de56d68233f8752245c099a21d0b03a9a8bac06f3dcdde4c63abf79
                                • Opcode Fuzzy Hash: f9d8b05d05f772c6dbbb683f0e485894255436a56f60f1213f2a100e7ff268bf
                                • Instruction Fuzzy Hash: FA4109B4E00209DFDB54DFA8D880AEEB7B2FB89310F14886AD815E7350D735AD42CB51
                                Function 075DAE20 Relevance: .1, Instructions: 109COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c6d95aa149e39da2e08167976d9174fa7156224ee0a4d130e9694e37a2125aac
                                • Instruction ID: 9a8179dbe1e31214924d7811d7c522c634e30112c4437cee8793dfa0d46cefe3
                                • Opcode Fuzzy Hash: c6d95aa149e39da2e08167976d9174fa7156224ee0a4d130e9694e37a2125aac
                                • Instruction Fuzzy Hash: 6B4118B4D19258CFDB14CFAAC9446EEBBB6BF8A300F14D42AD419AB255DB344D06CB50
                                Function 075D86CF Relevance: .1, Instructions: 108COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f75fd9dde8b547401da22ba2cda13a6a625f427a1ef53940c350d3e09897087
                                • Instruction ID: 1a4fe31ab70355cde205b12ff6d02031a6d76ed93deba6ac3936f9c8850ade42
                                • Opcode Fuzzy Hash: 3f75fd9dde8b547401da22ba2cda13a6a625f427a1ef53940c350d3e09897087
                                • Instruction Fuzzy Hash: A2410BB4E00209DFDB54DFA8D880AEEB7B2FF49310F14896AD415E7390DB35AD468B51
                                Function 075D4428 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2dcbb247701bdb446be6cc5e88c45583e750f5e337ba5b0411b1917fce1e223f
                                • Instruction ID: e2de3c2fc6aa45346f0c2b3f9e759fe0e78bacb77a6f0264c1ef102e995b974a
                                • Opcode Fuzzy Hash: 2dcbb247701bdb446be6cc5e88c45583e750f5e337ba5b0411b1917fce1e223f
                                • Instruction Fuzzy Hash: DB41E4B4E001499FCF54DFA8D494AEEBBB2FB89300F10842AE819A7350DB359D42CF51
                                Function 075D2FB0 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 387d2e9f459fcfde3ab87865677a477c68adbd4b431e09b4f4324c7f5f1113c4
                                • Instruction ID: d3139a598e1860ff2f48ed376d60ee3d06df9980681a6a7889c45a377f5b356a
                                • Opcode Fuzzy Hash: 387d2e9f459fcfde3ab87865677a477c68adbd4b431e09b4f4324c7f5f1113c4
                                • Instruction Fuzzy Hash: D141E2B4E1020A9FDB14DFB9D9595EEBBF5BF49201F10842AE906E3250EB30D941CFA0
                                Function 075D592C Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18619612c2eb60a3f31f30555e2b2e43efc0878248edc174feffa0457b24a463
                                • Instruction ID: e6cb88660d6e96f92a0201d1e834af6411d8af45344a0ca0fa04e46c86450b06
                                • Opcode Fuzzy Hash: 18619612c2eb60a3f31f30555e2b2e43efc0878248edc174feffa0457b24a463
                                • Instruction Fuzzy Hash: E53159B1900209AFDB10CFA9D884ADEBFF9FF48310F10886AE808A7250D7359945CFA4
                                Function 075D4417 Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3da2bbf4a1a1bec78411eeed455a05507befbf11d68474dc02fa04a9cb253b1e
                                • Instruction ID: fe65dda4191b54272133a9404571bfca34ece882d0dc31765cdf671288b424fb
                                • Opcode Fuzzy Hash: 3da2bbf4a1a1bec78411eeed455a05507befbf11d68474dc02fa04a9cb253b1e
                                • Instruction Fuzzy Hash: 50412B74E011499FCF54DFA8D890AEEBBB2FB89300F10846AE815A7350DB359D46CF51
                                Function 075D7E90 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 22e011fb4bfbf287340be1a37d1adbad1cda1fc81631ff94ebcd91254d047bac
                                • Instruction ID: d11f49763b45aa129f007100803e43fed3a9919aa51f1907c88931cf8944e359
                                • Opcode Fuzzy Hash: 22e011fb4bfbf287340be1a37d1adbad1cda1fc81631ff94ebcd91254d047bac
                                • Instruction Fuzzy Hash: CC1124B294D3895FD722C7B89E415EABFB8FB07320B244AD7E845D3242D3380A02D761
                                Function 075D4E38 Relevance: .1, Instructions: 83COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bff56070b7bcd7ea0e7db7c0d307587564867f3b8edd9b843778c93bd6e16cbf
                                • Instruction ID: 333bf89494aea541522d889d9935d1ab1af3e7f5b5f3cad2257c676855f77667
                                • Opcode Fuzzy Hash: bff56070b7bcd7ea0e7db7c0d307587564867f3b8edd9b843778c93bd6e16cbf
                                • Instruction Fuzzy Hash: 4F3118B5D0528A8FDF11CFA8C9856EEBBF0FF0A204F1485AAD814E7351E7349A42CB51
                                Function 075D5AB0 Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5aff1cc1feb90b883292de0a179d329ea3fcb3b7b223c53c750e2ca3f4b65e93
                                • Instruction ID: f7bc18b3c2e84523db60b544da8c6cd8ea5e5e127bca68dfc0fadf9c113d4d63
                                • Opcode Fuzzy Hash: 5aff1cc1feb90b883292de0a179d329ea3fcb3b7b223c53c750e2ca3f4b65e93
                                • Instruction Fuzzy Hash: 9A2135B5A043154FEB12DF7CDC906EFBBB7EFC5160B18452AD458DB241EA308D0A83A2
                                Function 02D0D3D8 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404391371.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d0d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e901d49bf41e556fedc7aa71f21f055a9acd3b766ee14184e1005d56f684fc1
                                • Instruction ID: 18d819406c4f5c74e4e242afd2bcf29843a46120a8dae7fbb4f820b4dc0b89e5
                                • Opcode Fuzzy Hash: 6e901d49bf41e556fedc7aa71f21f055a9acd3b766ee14184e1005d56f684fc1
                                • Instruction Fuzzy Hash: F7213D71500344DFDB08DF50D5C0B16BB66FB84314F24C16ED9090B3A6C336E856C7A2
                                Function 075D4ED8 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d584241d333d1cc981bd344bd19dd0f5aef8f43f88b1128253daf880f6c67727
                                • Instruction ID: 7be5c312db5bf719f9705826ee10c39c04f4f6660d7501a01b3a7a093584a78f
                                • Opcode Fuzzy Hash: d584241d333d1cc981bd344bd19dd0f5aef8f43f88b1128253daf880f6c67727
                                • Instruction Fuzzy Hash: 143139B4E1125ADFCB50DFA9D5856EEBBF4BB08200F1484AAE814F3350E7349A41CF61
                                Function 02D1D1D4 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404533740.0000000002D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D1D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d1d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2fd10fa4261fd5e87b930a48e60fd1bece06d97eef060ae900a33f8b30d866ad
                                • Instruction ID: 49150ebe34c72832756e03095d3c43198e59d4b02d563343976f89a77c53a349
                                • Opcode Fuzzy Hash: 2fd10fa4261fd5e87b930a48e60fd1bece06d97eef060ae900a33f8b30d866ad
                                • Instruction Fuzzy Hash: 5B210771604344FFDB09DF50E5C0B25BBA6FB84314F24C66DD8494B792C336D846CA61
                                Function 02D1D01C Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404533740.0000000002D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D1D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d1d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 954f77bd96908fc22899f812af6e04ddebcbf54b979e7568294a9e39946db77b
                                • Instruction ID: fcfd7e23c3c8e2058c59b5e1c63fb9122d7138b41970f1fc890c40d834ad353c
                                • Opcode Fuzzy Hash: 954f77bd96908fc22899f812af6e04ddebcbf54b979e7568294a9e39946db77b
                                • Instruction Fuzzy Hash: 0521D075604344EFDB14DF14E9C0B26BB66EB84214F34C5A9E84A4B786C33AD847CA62
                                Function 075D6FA0 Relevance: .1, Instructions: 70COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3003883a0978122e7b6aef1142a579e11e83f0d6a36859fb41ed404efe6757d6
                                • Instruction ID: 460744e1a1f3ea976a1f5cd0414ebed218bd8b813604b83b9d908ca3ccaa52da
                                • Opcode Fuzzy Hash: 3003883a0978122e7b6aef1142a579e11e83f0d6a36859fb41ed404efe6757d6
                                • Instruction Fuzzy Hash: A211C171A0D384AFDB16CB74CD555EE7FB9EE8211071444E7E804CB243EA359E0AC762
                                Function 075D5C94 Relevance: .1, Instructions: 70COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7621a02bc8aa44a13882a9335fba17615ee17ddace568167dde69d2c088d8595
                                • Instruction ID: 648b882ac5523225e3318198c21d37966318948858e45c5d156dba97704dd320
                                • Opcode Fuzzy Hash: 7621a02bc8aa44a13882a9335fba17615ee17ddace568167dde69d2c088d8595
                                • Instruction Fuzzy Hash: EB31DFB4C01258AFDB20DF99D989BCEBFF5BB08314F24841AE414BB250D7B55985CBA1
                                Function 075D4EC9 Relevance: .1, Instructions: 68COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7db6807f9d071fa93470d8bdab197301e3824e55c9907a580a9705a5716df58d
                                • Instruction ID: d26933f788286da2986e614547b27b412332ce3427a127c2138f8c8b0ca9e2d6
                                • Opcode Fuzzy Hash: 7db6807f9d071fa93470d8bdab197301e3824e55c9907a580a9705a5716df58d
                                • Instruction Fuzzy Hash: 1621A3B4D0124A9FDF10CFA9C9856EEBBF0FB09214F1085AAE814E7350E7349A41CFA1
                                Function 075D5748 Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b3b65d1330f17d7702d8fa07444fc379151f956d078e02875232b8788c03edc9
                                • Instruction ID: 81277d030277b871beb8c8c0327e2328899a5d655d7f8c108b336d24119c2eee
                                • Opcode Fuzzy Hash: b3b65d1330f17d7702d8fa07444fc379151f956d078e02875232b8788c03edc9
                                • Instruction Fuzzy Hash: DF31EEB0C00218DFDB20DF9AC588BCEBFF4BB08310F24842AE418BB250D7B55945CBA5
                                Function 02D1D005 Relevance: .1, Instructions: 62COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404533740.0000000002D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D1D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d1d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 48789e274521e6d3ce392a8bbf74ca80c857419523bd23a37a42dda2e0763ff3
                                • Instruction ID: 6224ff96ea258c6aaa08e6b356789eb48caa2ce44f22fc0df0efb110cba45796
                                • Opcode Fuzzy Hash: 48789e274521e6d3ce392a8bbf74ca80c857419523bd23a37a42dda2e0763ff3
                                • Instruction Fuzzy Hash: BB2181755093C09FCB12CF24D9D4715BF72EB46214F28C5EAD8498F6A7C33A984ACB62
                                Function 075D54F9 Relevance: .1, Instructions: 62COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9d04da0a5d5bf161b43b1acf601d04134dec09110080291be2a88196632877c2
                                • Instruction ID: 814f97cd80508465bffdccd8ff7030676e40636bb8453b3c25a8dc56ad5e7e9c
                                • Opcode Fuzzy Hash: 9d04da0a5d5bf161b43b1acf601d04134dec09110080291be2a88196632877c2
                                • Instruction Fuzzy Hash: EB01F2A610F3C41FE73742B4AE069F27F29F54306830846D3E848CB463E009592AA7B3
                                Function 075DBCC9 Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ecded64ebb8f46c112330c3f7a2af7daf29f3d2079333a463c2d64428474b9a3
                                • Instruction ID: 10fe5532f5981987c5188411868028d97a5a50943ed9ace30dbe92b0452055bc
                                • Opcode Fuzzy Hash: ecded64ebb8f46c112330c3f7a2af7daf29f3d2079333a463c2d64428474b9a3
                                • Instruction Fuzzy Hash: F621E5B1D056188BEB18CFABC9553DEBFF6BF89300F04C06AD409A6255DB7409468FA0
                                Function 075DF920 Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ee51dbb2fe45fdb8947cef1b879101f1de884e75640cc9650a984e083118f80a
                                • Instruction ID: 2161d28937fdee54a7fb4849ed5914ce8ca8a7c83c7b903447596c252bb4efb1
                                • Opcode Fuzzy Hash: ee51dbb2fe45fdb8947cef1b879101f1de884e75640cc9650a984e083118f80a
                                • Instruction Fuzzy Hash: FF11A0B1F10209ABDB28AB7D98407BF76A7FB88660F048529D827973D0EA70CD4187D1
                                Function 075D5608 Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f2f022e65b8b096465d78f7fcd32f71ffae44ac6871aaf00efccaf916b98200
                                • Instruction ID: 0df06f14b2e086d2d03471160fc29b39b7353535d3a797e1199c011d5e58b1be
                                • Opcode Fuzzy Hash: 2f2f022e65b8b096465d78f7fcd32f71ffae44ac6871aaf00efccaf916b98200
                                • Instruction Fuzzy Hash: B5111CB1B0125A8BDB14EBB998106EEB7B6BF84311B20407AC515E7340EB358E15CBA5
                                Function 075D593C Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 643066e5235f2df308df427cca1c5d106596336cd3c97e552aa64fb591efd262
                                • Instruction ID: 0ddfd8f72d9adb065dc1ba2e53fae3092ad9d9cdf87fb5f2c6fa5326fb44af59
                                • Opcode Fuzzy Hash: 643066e5235f2df308df427cca1c5d106596336cd3c97e552aa64fb591efd262
                                • Instruction Fuzzy Hash: 6E21D3B59003499FCB20CF9AD884BDEBBF4FB48310F50846AE919A7210C379A955CFA5
                                Function 02D0D3D3 Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404391371.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d0d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                • Instruction ID: b840e83a3416041b37885df27f300adce137125f79d078820494828c266f32e3
                                • Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                • Instruction Fuzzy Hash: E311D376504240DFCB15CF54D5C4B56BF72FB84324F24C6AAD8090B7A6C33AE856CBA1
                                Function 075DBCD8 Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b81d930fd76469a94f776502e297ee117d12a646a6bf3aebf8dabf434bee19c6
                                • Instruction ID: da00e4cc4ea9a2987b46f66e61642f94bf7691a2e36d311b715e542b096b35c7
                                • Opcode Fuzzy Hash: b81d930fd76469a94f776502e297ee117d12a646a6bf3aebf8dabf434bee19c6
                                • Instruction Fuzzy Hash: F111B2B1D016188BEB28CF9BC9557DEFAF7BFC9300F14C06AD41966264DB7409468FA0
                                Function 02D1D1CF Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404533740.0000000002D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D1D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d1d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction ID: 5e2e4ccbeaaf71a6206f9183bccabfd5619390298f6e225c9bc3e2658a6d9564
                                • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction Fuzzy Hash: E6118B75504280EFCB15CF54D5C4B15BBA2FB84218F28C6AAD8494BB96C33AD84ACB61
                                Function 075DAEA0 Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: df5f00fad329d7b126f5eb2f47f332f49c8f2dee28e62bdbc3e6e4494dfebff2
                                • Instruction ID: 653f1b77f388907c2b4015daa731738851f28e39547fdad1282c173a70bc53c1
                                • Opcode Fuzzy Hash: df5f00fad329d7b126f5eb2f47f332f49c8f2dee28e62bdbc3e6e4494dfebff2
                                • Instruction Fuzzy Hash: 0B11B275E002198FCF04CFE8C8809ADBBB2FF48314F20816AE919AB265D7325956CB50
                                Function 075DE410 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6583fba97665442a3506186b5ac1535222d797596f72589cbe6b20a3957a1933
                                • Instruction ID: 2a406ad9ac1a017826d332170c1242318bb508195f368ff21e59aa9e16c40660
                                • Opcode Fuzzy Hash: 6583fba97665442a3506186b5ac1535222d797596f72589cbe6b20a3957a1933
                                • Instruction Fuzzy Hash: 5801F1F0915249CFDB20DFA8E8496ED77BAFB8A301F0089388105AB648FF785C15CB52
                                Function 02D0D759 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404391371.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d0d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2cd3024ed10d9bd61c5ee2e16cbe6144ff1e428ceee59495a0d6886e2216ff0c
                                • Instruction ID: f44b23e5222dbcd4c406d015031ff8cf80161eb3be9b929a9b751311567ffe0e
                                • Opcode Fuzzy Hash: 2cd3024ed10d9bd61c5ee2e16cbe6144ff1e428ceee59495a0d6886e2216ff0c
                                • Instruction Fuzzy Hash: A601A2311043409BE7108AA6DDC4B66FB99DF81625F18C55BED4A4A3D6C779EC40CAB2
                                Function 075D85B0 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b571b6abe537f4ba213123ae276ffb28b4015a4e9d311229139b670e8802ee2
                                • Instruction ID: 72585cc1f1d1626a878d2801337099e181deeda6df6082cc7525eb2bbda972b6
                                • Opcode Fuzzy Hash: 2b571b6abe537f4ba213123ae276ffb28b4015a4e9d311229139b670e8802ee2
                                • Instruction Fuzzy Hash: 72012CB4D05249AFCB55DFA8C9406EEBBF5FF49200F1085AAD414E7341EB349E05CBA1
                                Function 075D6055 Relevance: .0, Instructions: 42COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4ee0991cdd06d49d6744b753dd4c32ddfc114d0b72e45adc228bb1dbd3b0425
                                • Instruction ID: 61a57ebe116f2188345afa96762620bb034bbd4041a41375ab2d96f90a5d2bfd
                                • Opcode Fuzzy Hash: a4ee0991cdd06d49d6744b753dd4c32ddfc114d0b72e45adc228bb1dbd3b0425
                                • Instruction Fuzzy Hash: 22011AF1800219DEEB20DF69C9447EEBBF5FF44364F15862AE424AB190D3744A85CBD0
                                Function 075DCAF0 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dfa31addd2eda3e3668e9127c9a78f8484f7e1e7cffbf592e5adec9de91369e9
                                • Instruction ID: 63aa4d2c1840318ffb90b9647dc397046a7ca679f637cf32983010a45646f49c
                                • Opcode Fuzzy Hash: dfa31addd2eda3e3668e9127c9a78f8484f7e1e7cffbf592e5adec9de91369e9
                                • Instruction Fuzzy Hash: DC01D674A18108DFDB04DBA9C599AADBBFAFB4A200F558095E40997361DB30DE41EB50
                                Function 075D85C0 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7777ffffb82f745ac32481510f9f4b52a50f944a4310b93e0286b258666d53f4
                                • Instruction ID: a1c62580591725359118e5752885c3764f3b66316e55ad5debcde9aa53f68924
                                • Opcode Fuzzy Hash: 7777ffffb82f745ac32481510f9f4b52a50f944a4310b93e0286b258666d53f4
                                • Instruction Fuzzy Hash: 900196B4E15209AFCB54DFA9C9406AEBBF5FB49310F1085AA9819E3341EB35AE01CB51
                                Function 075D60F0 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e3ef298488d659e7c8c05ac72dff1701e0d920c3e67d2a608d8fc76672aa6af3
                                • Instruction ID: 9b7f1a92790f4860276c392c2c2294eac840f47d2a97d6c0ed50ee68ecaf02ef
                                • Opcode Fuzzy Hash: e3ef298488d659e7c8c05ac72dff1701e0d920c3e67d2a608d8fc76672aa6af3
                                • Instruction Fuzzy Hash: 21F096717042A42F9305867A9C84EABBFE9EBC932031581AAF448CB352C9308C0587A0
                                Function 075D6C18 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7c7c10c5129823f5fd923e031008da632962ab8683b27d77a11316bb6fa8d8ad
                                • Instruction ID: a6c8440417f02618f867b4af3bc2b97f810ce9746e431ce1db4980f5f9794cf3
                                • Opcode Fuzzy Hash: 7c7c10c5129823f5fd923e031008da632962ab8683b27d77a11316bb6fa8d8ad
                                • Instruction Fuzzy Hash: 5C0116B4D0534A9FCB15CFB8D5052EEBBF0FB49200F0084AAD805E3352EB309A05CB92
                                Function 075D7EF9 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0187ad59da196f612e1e24812e75b672c134d10331ca372c0523b361c8423281
                                • Instruction ID: 45fec698ee1f3a9f91caa099559a3fe53eb26ea662cf46153dae348860c5035b
                                • Opcode Fuzzy Hash: 0187ad59da196f612e1e24812e75b672c134d10331ca372c0523b361c8423281
                                • Instruction Fuzzy Hash: 77F0CDF29092068FCB22CBA8C905AEEBBB9FB0A310F144997D414D3201D7308A02CB61
                                Function 075DCA78 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 43648cb9fb6f359388cedeee953bd5531cd5d726b97ba747c6c375af64afe398
                                • Instruction ID: 9eb59e15e24921ed13347bc73b039e7d72aabeee180165e8b803d83342e7c287
                                • Opcode Fuzzy Hash: 43648cb9fb6f359388cedeee953bd5531cd5d726b97ba747c6c375af64afe398
                                • Instruction Fuzzy Hash: F0F03CB4919209DFCB24DF5AD5419ECBBB9BB4A201F48DEA5D4099B211DF309E01DB60
                                Function 075DBE7E Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8f882b30b268248822566fed4e7697a80dfb53afde0ef8e6f977fc77d7ba1036
                                • Instruction ID: 974fada387dda748c25c30af191ce71c1da7ec3a2c17e9c3e213d1bbb9554c87
                                • Opcode Fuzzy Hash: 8f882b30b268248822566fed4e7697a80dfb53afde0ef8e6f977fc77d7ba1036
                                • Instruction Fuzzy Hash: EC0125B4908218CFCB24CFA8C994AECBBB6FF0A311F1145A9D40AAB351CB309D46CF10
                                Function 075DC376 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b067eb5907c2ff8a8e972a16de94fb33ed301ccd89115b22b94e927206933e77
                                • Instruction ID: 94325ce95115ead7875492596d9190b9d19ad4c8343985b42307205036aa7f43
                                • Opcode Fuzzy Hash: b067eb5907c2ff8a8e972a16de94fb33ed301ccd89115b22b94e927206933e77
                                • Instruction Fuzzy Hash: 45011DF4519148CFCB35DB68D5A5ADC7B7BFF0A201F154989D41AAB245C730AC85CB20
                                Function 075D6C28 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0b545764bcff9263d9b6193ac58d89266f411cc6a44aca8956fcf3f61f79c3a4
                                • Instruction ID: 307a3c8a528d0fefd39fa6e6abce057394d3a5736233a5f07ab6ccdd2f67ca77
                                • Opcode Fuzzy Hash: 0b545764bcff9263d9b6193ac58d89266f411cc6a44aca8956fcf3f61f79c3a4
                                • Instruction Fuzzy Hash: 3401F6B4D1420ADFCB64DFA8C5056EEBBF4FB49300F10846AD809E3350EB309A02CB51
                                Function 075D83D8 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a0179ab480b115967cd5a38dc58647aa9b9404b4ced3c19b0cb92405227989bb
                                • Instruction ID: 354e422b31933368c59aeefec748d3ce7437292ce6dc7876243f3c5346a8e623
                                • Opcode Fuzzy Hash: a0179ab480b115967cd5a38dc58647aa9b9404b4ced3c19b0cb92405227989bb
                                • Instruction Fuzzy Hash: 8CF04FB0D0420AAFDB54DFA8C885AEEBFF4FB08314F00895AE514E7242D77096058F91
                                Function 075D7049 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ce94f1ec8cd040f9a8307f6a0facf6155cbabe06f658a26c622ac069ce8f87e7
                                • Instruction ID: 686cd8b784581ea9cbecf3a8ad94eb7eb4bc2c4d843ea8583f99f49e60aeec16
                                • Opcode Fuzzy Hash: ce94f1ec8cd040f9a8307f6a0facf6155cbabe06f658a26c622ac069ce8f87e7
                                • Instruction Fuzzy Hash: BDF0E9B2604144AFEB05CF68DC41DDEBFBAEF45224B0485ABE004D7221E2319D10C764
                                Function 075D5898 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7500e911a3cf3e524fc994fe8d02b470c4388cdc0918948aa91dc365b7980c76
                                • Instruction ID: 94321dc7d54859573153e0132a41b17edf80e31156add3b2058a3ec883bcce06
                                • Opcode Fuzzy Hash: 7500e911a3cf3e524fc994fe8d02b470c4388cdc0918948aa91dc365b7980c76
                                • Instruction Fuzzy Hash: D7F0F87642A3A15BF702AF7CA8B13CE7FA25E93124B098493C0808E453D414888EC6EF
                                Function 02D0D758 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404391371.0000000002D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D0D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2d0d000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4f6bbfc1ec34008662fe0e3469035ba46989471c2f76601e3db2339712533547
                                • Instruction ID: 70a9725b29aad3d311c0734df29f4286b016e61a5721783e286144674c3d4686
                                • Opcode Fuzzy Hash: 4f6bbfc1ec34008662fe0e3469035ba46989471c2f76601e3db2339712533547
                                • Instruction Fuzzy Hash: 9BF0CD32004340AEEB208A06DDC4B62FBA8EF80634F18C55BED094B3D6C379AC40CAB1
                                Function 075D32D0 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 252b34fd747ae9c90650af5cb72537fc7b619413a6ce4eb7f6d55076dfd9211b
                                • Instruction ID: 4503a004de71dd4bb0075fb87e56828ca8348ea11b181d662e496dd3746ffacf
                                • Opcode Fuzzy Hash: 252b34fd747ae9c90650af5cb72537fc7b619413a6ce4eb7f6d55076dfd9211b
                                • Instruction Fuzzy Hash: 41F0ECB4E05209DFCB54DFA8C5416AEB7F5FB46304F5089AAC814E7340EB759E05CB41
                                Function 075D5540 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 893507e993802104bf2652454072d2b3de7130f8023098f126e138167eec3d24
                                • Instruction ID: b39119c06ee1dc06691b02f48fbb532e2c3cca68c7422a97ee76087d274b7223
                                • Opcode Fuzzy Hash: 893507e993802104bf2652454072d2b3de7130f8023098f126e138167eec3d24
                                • Instruction Fuzzy Hash: ADE092AA00F3C16EF3131264AD169F27F2CF9931983099183E984DE033C408495AA773
                                Function 075D43B0 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef608d0e308246e9979ea797c2b536141664894bace7c3d92fbbca175c9ccdab
                                • Instruction ID: d359e5e579a522eac729071cfe80a280df9c8261e58732cc775a87174ed6586b
                                • Opcode Fuzzy Hash: ef608d0e308246e9979ea797c2b536141664894bace7c3d92fbbca175c9ccdab
                                • Instruction Fuzzy Hash: 22F06DB4D0938ADFCB15CFA8C9455ADBFB4FB46310F1482AAD814D7251DB748A87CB50
                                Function 075D6060 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dd78aa4ff7aea80b9f5b8b38cbcac0f711034028f1aa0a3f656665a7bd72b648
                                • Instruction ID: 85eff704e09aa4d6574cf9e558550d9507f07beae583e9459d6588f37e2bb481
                                • Opcode Fuzzy Hash: dd78aa4ff7aea80b9f5b8b38cbcac0f711034028f1aa0a3f656665a7bd72b648
                                • Instruction Fuzzy Hash: F201A8B0800219DFDB24DF6AC4047EEBBF5FF493A4F158625E424AB290D7754A45CBD1
                                Function 075D8549 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b878eb4aaf92eff0726b29473631201a8c8687bbe6e6f24f71bef2f23a463854
                                • Instruction ID: 2929784f4472c6b7c750605aa6032ed935bebfc0502ae967d56c490267e8c2fc
                                • Opcode Fuzzy Hash: b878eb4aaf92eff0726b29473631201a8c8687bbe6e6f24f71bef2f23a463854
                                • Instruction Fuzzy Hash: 3FF06DF48083459FCB21CFA8D9452DDBFB0FF06214F0486EAD854A3252D7305A45CB81
                                Function 075D43C0 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dc96a6bee9225d26fa669c39065e396775885de6b21ace3cba9d9b629ba2c270
                                • Instruction ID: 09a2b82ea56f63252b96d0de0dce8089d3f4aaf4eabe8e5c55deb7d12a231a87
                                • Opcode Fuzzy Hash: dc96a6bee9225d26fa669c39065e396775885de6b21ace3cba9d9b629ba2c270
                                • Instruction Fuzzy Hash: FDF0E7B4D0520ADFCB14DFA9D5456EEBBF4FB49300F10856AD818E3300EB309A41CB91
                                Function 075D7F50 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cb71c2d24574a4adb7c2202d44b00b6a4ce95b1bab3c1a544ae445b9c99e005b
                                • Instruction ID: 42203c49722bf49246ba3682eb0be8261eb6ef71c3b190e61727ed65fd5805f5
                                • Opcode Fuzzy Hash: cb71c2d24574a4adb7c2202d44b00b6a4ce95b1bab3c1a544ae445b9c99e005b
                                • Instruction Fuzzy Hash: 24F097B4D1520ADFCB54DFA9D5456EEBBF5FB49300F1099AAD818E3300EB309A02CB51
                                Function 075D3D21 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 66c780968d2e67cbef8b523041a2e4e7c69944bc1d0643950156d354e75565e9
                                • Instruction ID: 1939d30e5191680e177cca4d3a59385ce47b88ee54cbd8aaaf6b0340c40dd02e
                                • Opcode Fuzzy Hash: 66c780968d2e67cbef8b523041a2e4e7c69944bc1d0643950156d354e75565e9
                                • Instruction Fuzzy Hash: B6F0CDB48082899FCB62CF78C8416DCBFB1EF03214F0486DAD8149B662C7300942CB41
                                Function 075D6100 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8a16fbd3f3b4c4ba0b99f65e352584cc5448cd487ac929d7e7cbbfb35172436
                                • Instruction ID: 45d6249215cae8fc9e9db257cf48399655b913ee25854cbf149b9ce9350028af
                                • Opcode Fuzzy Hash: d8a16fbd3f3b4c4ba0b99f65e352584cc5448cd487ac929d7e7cbbfb35172436
                                • Instruction Fuzzy Hash: 53E06D727002286F9304DAAEDC84E6BBBEEFBCC770711807AF908C7320D9319C0086A0
                                Function 075D8558 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0e3d8df95d530a8f1c6ae301fe762c8a434eb0664c5f2bde317345ed15ddf0be
                                • Instruction ID: c71cd644e53660be33863f2957f04df7362fccdf4dee72e4fc14309c3e46a041
                                • Opcode Fuzzy Hash: 0e3d8df95d530a8f1c6ae301fe762c8a434eb0664c5f2bde317345ed15ddf0be
                                • Instruction Fuzzy Hash: F9F062F4D14219EFCB54EFA9D9456EDBBF4FB4A200F1099AAD829E3200E7706A458F40
                                Function 075D3D30 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2c8e17c6bf5728103eacb11a38f19b5ec6e8354115f0d7788bac7f9fab47646e
                                • Instruction ID: 42d705d793ed531c64edbf1232b9804893e20a5a08e32dc345791d3845251531
                                • Opcode Fuzzy Hash: 2c8e17c6bf5728103eacb11a38f19b5ec6e8354115f0d7788bac7f9fab47646e
                                • Instruction Fuzzy Hash: 6CF0A4B4D14209EFCB94EFA9C5556EDBBF4FB09240F1099AAD819E3210E7705A418F41
                                Function 075D83E8 Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1bc84c502ba14f886e7278492d530d743d5b6022e85d0cd12d5b97f4e436671b
                                • Instruction ID: 5c3e5be776ca146492aaa7daf6a274308a00b77967fde8e0416ffdad01146b6e
                                • Opcode Fuzzy Hash: 1bc84c502ba14f886e7278492d530d743d5b6022e85d0cd12d5b97f4e436671b
                                • Instruction Fuzzy Hash: 5CF0DAB0D0420A9FDB54DFA9C846AAEBBF4FB48204F1089AAD918E7301D77099048B91
                                Function 075DBD8C Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fa11b62d628a8797095a11f4538e61a9f175ebcba788f649c3d5aadcc5ebf1ae
                                • Instruction ID: 96157b3464d6e9ab4f324076281e6351d71984bfb6a36a7045f505b47b4f8327
                                • Opcode Fuzzy Hash: fa11b62d628a8797095a11f4538e61a9f175ebcba788f649c3d5aadcc5ebf1ae
                                • Instruction Fuzzy Hash: 3EF017F1919218CFCB24CFA8D594AECBBB7FB0A301F105586D40AAB255C730AD81CF60
                                Function 075D8688 Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 20f000822e9e2c7e58667bdff4058326c334a0930030be0d664a3340b6fc5703
                                • Instruction ID: 87b74b1efe03f40312219b560ed47a4270298ffe25e6a1b3a4a19bc699d17eb7
                                • Opcode Fuzzy Hash: 20f000822e9e2c7e58667bdff4058326c334a0930030be0d664a3340b6fc5703
                                • Instruction Fuzzy Hash: 92F0C9B4D15208AFCB50DFB8D5456EDBFF4EB0A211F2085A9D409E3200E730AA40CF44
                                Function 075D8380 Relevance: .0, Instructions: 26COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7f29323bb028637bb61f78a0dac4005219fadb65913a56ab0b649a5536334fdb
                                • Instruction ID: 7b2a2c7f2333659ce760570e2288a56a4eca1b62d12825a6b6d61cb0370d8fff
                                • Opcode Fuzzy Hash: 7f29323bb028637bb61f78a0dac4005219fadb65913a56ab0b649a5536334fdb
                                • Instruction Fuzzy Hash: AEF039B0D14209EFD740DF68DD45ADABBF8BB08204F20856AE019E7212E7B49A008FA1
                                Function 075DF8C0 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5243548b12edac224729889f40acc3065f34d37cd3c737a1c981391b4ae39666
                                • Instruction ID: 9ac8fa2f14e83853cf155db63de0c13a6e8fd1cbd9109b9121670783c8f90674
                                • Opcode Fuzzy Hash: 5243548b12edac224729889f40acc3065f34d37cd3c737a1c981391b4ae39666
                                • Instruction Fuzzy Hash: 20F03975E0020CEFCF54EFA9D444A8CBBB5EB48300F00C0AAE818A3350DA309A51DF51
                                Function 075D5FBD Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c0d7a022913a3c73404938a1509b8195c9f0e9836714ca3c19f2dbc20b0229d5
                                • Instruction ID: 24a96230d51d2fc61f63b30fd0368172a80711c6d4095bb6f1c5dfd3a7574f5f
                                • Opcode Fuzzy Hash: c0d7a022913a3c73404938a1509b8195c9f0e9836714ca3c19f2dbc20b0229d5
                                • Instruction Fuzzy Hash: 76E0CDB7C001259B87209BE4AE055DFFF34FB05611B004512E40167600D3300B75D7D1
                                Function 075DBF4F Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ab4e1fdc6c0e9e1e7dbb4e8ed5cd7fd6189a2619a3fa9d2e5895412890c12fb
                                • Instruction ID: a19bab01d01c856a23514a86efcf296bc5db092c6b605fea2f5eb401b333ea11
                                • Opcode Fuzzy Hash: 9ab4e1fdc6c0e9e1e7dbb4e8ed5cd7fd6189a2619a3fa9d2e5895412890c12fb
                                • Instruction Fuzzy Hash: E1E06D70528155CFD720DF28C455AEC7B3AFF06200F4181E5D88A1B166CB30AD41CF21
                                Function 075D4E90 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 511841e3de18918092d23099f9ce87652315c3dca5091148fa160b8f60ecf1a8
                                • Instruction ID: aec520238b770161e123902bdcbe25feee043cd4c9bc660ecb492f6f14412afc
                                • Opcode Fuzzy Hash: 511841e3de18918092d23099f9ce87652315c3dca5091148fa160b8f60ecf1a8
                                • Instruction Fuzzy Hash: D6E08CB0801249EBCB20EBA884096ED76B4FB0A201F50059DC80563240DB300E489783
                                Function 075D8390 Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: df4da09a19bc557f135393be32115ab471f5107ef7e7070d3ca74bc59679b555
                                • Instruction ID: 60187d0da30369295b844831a3e0f00f9e6a1b245d2593cec0afcad0f4f9fe0a
                                • Opcode Fuzzy Hash: df4da09a19bc557f135393be32115ab471f5107ef7e7070d3ca74bc59679b555
                                • Instruction Fuzzy Hash: D9E0B6B0D44209DFD750EFBDC905A9EBBF0BF08600F2189A9D019E7251E7B49A048F91
                                Function 075D55D0 Relevance: .0, Instructions: 17COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 74d2264db512cfe85c6f2c941631fddf08613e9e6e62f1944bf89102c562d800
                                • Instruction ID: d81a44ee9d3f85b2aab4704763e86f8bdc90ab4be4d876c78fe1dbfebd683206
                                • Opcode Fuzzy Hash: 74d2264db512cfe85c6f2c941631fddf08613e9e6e62f1944bf89102c562d800
                                • Instruction Fuzzy Hash: 60D012B600A5C06EF3073610AC19DB27F6CFAD6248305C583E880D9032C4104D68A762
                                Function 075D5FC8 Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction ID: b947ee682a1a9cd24431b1e016fda8feace7aad0b6c790fd31e72448aa071d08
                                • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction Fuzzy Hash: 6FD09EB2D00139978B10AFE9DC054DFFF79EF05650F418126E915AB100E3715A21DBD1
                                Function 075DA4A0 Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2e332173fe9f9aae9c83458d7ac7526c2ecb6cd0a61ace65e37248701c246b9f
                                • Instruction ID: 1e251d37b8297ab848d13e4520bd129b24e96e06a7db18da90830bbfa0e8fa01
                                • Opcode Fuzzy Hash: 2e332173fe9f9aae9c83458d7ac7526c2ecb6cd0a61ace65e37248701c246b9f
                                • Instruction Fuzzy Hash: CDD0A72140F7404FD3122769641CAA93EB44747131F094682E07C850E2DA540C1587A1
                                Function 075DA420 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 192de8b12343d213d2a9585d366258316f67b595b462b8988a686a8f390b3a68
                                • Instruction ID: 024fd5c13ed3dbceb65c8cef8a64437b6637b58eb014e38db145ba147c0b8dc3
                                • Opcode Fuzzy Hash: 192de8b12343d213d2a9585d366258316f67b595b462b8988a686a8f390b3a68
                                • Instruction Fuzzy Hash: D6D0A7714057844FD3115768A91FAD43EB05B02103F4800A5E08C850B2DBD84C10CB12
                                Function 075DC41F Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 074b57af579664e61c947c4be613f3e359a279a4c84395cbacbe26a7c2ebc00b
                                • Instruction ID: b9f8d20e54315ba5ff75dd413ef24fdf0747d02818949a063a8145fe128dc7f3
                                • Opcode Fuzzy Hash: 074b57af579664e61c947c4be613f3e359a279a4c84395cbacbe26a7c2ebc00b
                                • Instruction Fuzzy Hash: E5D0C9B4918214CFCB14CE45C9057F97A76BB8E241F005451D85E62210CB300D41CAA0
                                Function 075DA5E7 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47430d0eb5b2636ff9dbb546cdc4396bd16fd68fee5c57df4d2e4a879f3fa20f
                                • Instruction ID: 44d2d5f4c26c7d3834c38928e4637589d2aaa10b94c4c34c7ffe103dffad3257
                                • Opcode Fuzzy Hash: 47430d0eb5b2636ff9dbb546cdc4396bd16fd68fee5c57df4d2e4a879f3fa20f
                                • Instruction Fuzzy Hash: 10D092B092421ACBDF20CF18D858BA9BBB6FB05300F0184A8901967600DB385E85CF92
                                Function 075DA430 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 136ca91ee1c0edf42b8a228351d2cf29edf6191c9bce514180ff7dbbb365f788
                                • Instruction ID: a5e5219b84e193c42af4be3539b03275c81ff8db3f7f7d51e91595443c0d041d
                                • Opcode Fuzzy Hash: 136ca91ee1c0edf42b8a228351d2cf29edf6191c9bce514180ff7dbbb365f788
                                • Instruction Fuzzy Hash: 77C08C720016088BE2242BAEB50FBA83AA86742206F800014E00C40460AFE40810CB66
                                Function 075DA4B0 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: afe5d6e8183994d2ea7f7b38ee7eb15d89d654034745383f6d4a5b2ec8017258
                                • Instruction ID: fa4293779209ed84989effe6d511688adbf49b64b87ef3fbe82b198916c75609
                                • Opcode Fuzzy Hash: afe5d6e8183994d2ea7f7b38ee7eb15d89d654034745383f6d4a5b2ec8017258
                                • Instruction Fuzzy Hash: 2FB02B7101370947D224224EB00D7B93ADC5343201F000400E00C404501FA00C00CBF4
                                Function 075DC4B0 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 22b490b94556cd7767d3169dcae92c8c352cc6ee602c2e990844497efe64247d
                                • Instruction ID: b8b8cad3fcf893bf1b1db6b5b3914b6cf96cb5c905732766ec883bcbd82ad7d0
                                • Opcode Fuzzy Hash: 22b490b94556cd7767d3169dcae92c8c352cc6ee602c2e990844497efe64247d
                                • Instruction Fuzzy Hash: F9C012B1009500CFCB25AF74C26E0A87E77FF0E70270044A8E80A86A92CF329C81CB91
                                Function 075D7029 Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d236e947310521874f41f4f853d7de846ae1c28f1192231eae65d05f07b7972a
                                • Instruction ID: f0af638896df0b976b50bdb727b0c17cb01178384364d0c0560b06b981a598e7
                                • Opcode Fuzzy Hash: d236e947310521874f41f4f853d7de846ae1c28f1192231eae65d05f07b7972a
                                • Instruction Fuzzy Hash: C9B012A611010566B12451308D82AE54B14F1E032C2948212A60110401855069678173
                                Function 075D58E4 Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a6f46bf422d943cb34e10e1b2b268a85355e2d162ca1eeee175bccf43fc3cef6
                                • Instruction ID: 1bf99a0ec3b6f722cae8da3eba5320f5d299134c80915fcaa03914240e930024
                                • Opcode Fuzzy Hash: a6f46bf422d943cb34e10e1b2b268a85355e2d162ca1eeee175bccf43fc3cef6
                                • Instruction Fuzzy Hash: 22B012B9175201F35424A3BC4C80F6FA212FBFA710FC0CC0132050204085B14C35D62B

                                Non-executed Functions

                                Function 07750CA0 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ea08bceadc0dcf4eb7b3de814e081f226393485bfe6542840b28acf217683cc0
                                • Instruction ID: 5a33e9064daecf58d0d49c121eb6e8747f4ab3dd16309507416a76df2325c0f8
                                • Opcode Fuzzy Hash: ea08bceadc0dcf4eb7b3de814e081f226393485bfe6542840b28acf217683cc0
                                • Instruction Fuzzy Hash: F0E12BB4E002198FDB14DFA8C580AAEFBB2FF89305F248169D818A7355D771AD41CFA1
                                Function 077502A0 Relevance: .3, Instructions: 312COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 28884eb730e078246faebf86f8d1730dc1d2df2b110f0f7b3e07fefe9f00e271
                                • Instruction ID: 5382db0526c7cc7f8f26ad84db81b538c5b25be0d6139a19a587bb978951ccb1
                                • Opcode Fuzzy Hash: 28884eb730e078246faebf86f8d1730dc1d2df2b110f0f7b3e07fefe9f00e271
                                • Instruction Fuzzy Hash: 4AE11BB4E002198FDB14CFA9C580AAEFBB2FF89305F248169D815A7355D774AD41CFA1
                                Function 075D6669 Relevance: .3, Instructions: 288COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f40b6b8c14186c00fa3d1abb7a7216ff5d90d06af3228b1bcc8f3ea093930d5b
                                • Instruction ID: ca6d5eb5b31fb65d0967f1a3e8eeed6dc35f6ca0c35805daebbcea8c925924fc
                                • Opcode Fuzzy Hash: f40b6b8c14186c00fa3d1abb7a7216ff5d90d06af3228b1bcc8f3ea093930d5b
                                • Instruction Fuzzy Hash: 0EE10635C2061ACACB11EF64D990AD9B7B1FF95300F60C7AAE0093B650EB746AD5CF91
                                Function 02EED57C Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1404900781.0000000002EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EE0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ee0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b833760053cabf4e1c88304189520124df2c420e0ee8cfc16836b3560534f786
                                • Instruction ID: 02322872eadd018616fb8855b56e59e5a48ed2ad3bdfd0b8acad178bc45e3caa
                                • Opcode Fuzzy Hash: b833760053cabf4e1c88304189520124df2c420e0ee8cfc16836b3560534f786
                                • Instruction Fuzzy Hash: 71A17032E502098FCF09DFB4C8409DEBBB2FF85304B15956AE806AB265DB71D906CF90
                                Function 075D6678 Relevance: .3, Instructions: 264COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b8bc6fc8fee1108180391df301f35c1010b15170aecdec234721aefce97ae706
                                • Instruction ID: 325606ffbbcbee85c1a82f5fe1fc89df23e75661b91c25fa97202180f04b3a47
                                • Opcode Fuzzy Hash: b8bc6fc8fee1108180391df301f35c1010b15170aecdec234721aefce97ae706
                                • Instruction Fuzzy Hash: 91D1E531C2065ACACB01EF64D990AD9B7B1FF95300F60C7AAE0093B650EB746AD5CF91
                                Function 07750C90 Relevance: .1, Instructions: 137COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410185671.0000000007750000.00000040.00000800.00020000.00000000.sdmp, Offset: 07750000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7750000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e82d7d2bf2e8ea4fef90b97597593ee5709839ec4f647d0f9de52e06b4f4af7
                                • Instruction ID: d94e0615ce3874cf75cbfa00498959a2a664d7f9662e628b0467bf6bab4717d1
                                • Opcode Fuzzy Hash: 6e82d7d2bf2e8ea4fef90b97597593ee5709839ec4f647d0f9de52e06b4f4af7
                                • Instruction Fuzzy Hash: A65119B4E002198FDB14CFA9D5805AEFBB2FF89304F24856AD818A7255DB359D41CFA1
                                Function 075D34A8 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1410128804.00000000075D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 075D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_75d0000_NEW ORDER- 4788467.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4150b24b1e5914f60746ee3a64d1fba7bed81febb8b89e908540c9f1d5648c2
                                • Instruction ID: b36052bb90a124e07841cd0a87ca8ab586492231c1bd7860d883e0472d06e91b
                                • Opcode Fuzzy Hash: a4150b24b1e5914f60746ee3a64d1fba7bed81febb8b89e908540c9f1d5648c2
                                • Instruction Fuzzy Hash: 81418AB5E016198BEB68CF6ACD407DAFBF3BFC9200F14C1A6D408AB655DB3059858F51

                                Execution Graph

                                Execution Coverage:2%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:2.1%
                                Total number of Nodes:753
                                Total number of Limit Nodes:17
                                execution_graph 47135 434918 47136 434924 CallCatchBlock 47135->47136 47162 434627 47136->47162 47138 43492b 47140 434954 47138->47140 47450 434a8a IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 47138->47450 47141 434993 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 47140->47141 47451 4442d2 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 47140->47451 47146 4349f3 47141->47146 47453 443487 35 API calls 4 library calls 47141->47453 47143 43496d 47145 434973 CallCatchBlock 47143->47145 47452 444276 5 API calls __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 47143->47452 47173 434ba5 47146->47173 47155 434a15 47156 434a1f 47155->47156 47455 4434bf 28 API calls _Atexit 47155->47455 47158 434a28 47156->47158 47456 443462 28 API calls _Atexit 47156->47456 47457 43479e 13 API calls 2 library calls 47158->47457 47161 434a30 47161->47145 47163 434630 47162->47163 47458 434cb6 IsProcessorFeaturePresent 47163->47458 47165 43463c 47459 438fb1 10 API calls 4 library calls 47165->47459 47167 434641 47168 434645 47167->47168 47460 44415f IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 47167->47460 47168->47138 47170 43464e 47171 43465c 47170->47171 47461 438fda 8 API calls 3 library calls 47170->47461 47171->47138 47462 436f10 47173->47462 47176 4349f9 47177 444223 47176->47177 47464 44f0d9 47177->47464 47179 434a02 47182 40ea00 47179->47182 47180 44422c 47180->47179 47468 446895 35 API calls 47180->47468 47470 41cbe1 LoadLibraryA GetProcAddress 47182->47470 47184 40ea1c GetModuleFileNameW 47475 40f3fe 47184->47475 47186 40ea38 47490 4020f6 47186->47490 47189 4020f6 28 API calls 47190 40ea56 47189->47190 47496 41beac 47190->47496 47194 40ea68 47522 401e8d 47194->47522 47196 40ea71 47197 40ea84 47196->47197 47198 40eace 47196->47198 47727 40fbee 116 API calls 47197->47727 47528 401e65 47198->47528 47201 40eade 47205 401e65 22 API calls 47201->47205 47202 40ea96 47203 401e65 22 API calls 47202->47203 47204 40eaa2 47203->47204 47728 410f72 36 API calls __EH_prolog 47204->47728 47206 40eafd 47205->47206 47533 40531e 47206->47533 47209 40eb0c 47538 406383 47209->47538 47210 40eab4 47729 40fb9f 77 API calls 47210->47729 47214 40eabd 47730 40f3eb 70 API calls 47214->47730 47220 401fd8 11 API calls 47221 40ef36 47220->47221 47454 443396 GetModuleHandleW 47221->47454 47222 401fd8 11 API calls 47223 40eb36 47222->47223 47224 401e65 22 API calls 47223->47224 47225 40eb3f 47224->47225 47555 401fc0 47225->47555 47227 40eb4a 47228 401e65 22 API calls 47227->47228 47229 40eb63 47228->47229 47230 401e65 22 API calls 47229->47230 47231 40eb7e 47230->47231 47232 40ebe9 47231->47232 47731 406c59 28 API calls 47231->47731 47233 401e65 22 API calls 47232->47233 47239 40ebf6 47233->47239 47235 40ebab 47236 401fe2 28 API calls 47235->47236 47237 40ebb7 47236->47237 47238 401fd8 11 API calls 47237->47238 47241 40ebc0 47238->47241 47240 40ec3d 47239->47240 47244 413584 3 API calls 47239->47244 47559 40d0a4 47240->47559 47732 413584 RegOpenKeyExA 47241->47732 47243 40ec43 47245 40eac6 47243->47245 47562 41b354 47243->47562 47251 40ec21 47244->47251 47245->47220 47249 40ec5e 47252 40ecb1 47249->47252 47579 407751 47249->47579 47250 40f38a 47769 4139e4 30 API calls 47250->47769 47251->47240 47735 4139e4 30 API calls 47251->47735 47254 401e65 22 API calls 47252->47254 47257 40ecba 47254->47257 47266 40ecc6 47257->47266 47267 40eccb 47257->47267 47259 40f3a0 47770 4124b0 65 API calls ___scrt_fastfail 47259->47770 47260 40ec87 47264 401e65 22 API calls 47260->47264 47261 40ec7d 47736 407773 30 API calls 47261->47736 47275 40ec90 47264->47275 47265 41bcef 28 API calls 47269 40f3ba 47265->47269 47739 407790 CreateProcessA CloseHandle CloseHandle ___scrt_fastfail 47266->47739 47272 401e65 22 API calls 47267->47272 47268 40ec82 47737 40729b 97 API calls 47268->47737 47771 413a5e RegOpenKeyExW RegDeleteValueW 47269->47771 47273 40ecd4 47272->47273 47583 41bcef 47273->47583 47275->47252 47279 40ecac 47275->47279 47276 40ecdf 47587 401f13 47276->47587 47738 40729b 97 API calls 47279->47738 47280 40f3cd 47283 401f09 11 API calls 47280->47283 47285 40f3d7 47283->47285 47287 401f09 11 API calls 47285->47287 47289 40f3e0 47287->47289 47288 401e65 22 API calls 47290 40ecfc 47288->47290 47772 40dd7d 27 API calls 47289->47772 47294 401e65 22 API calls 47290->47294 47292 40f3e5 47773 414f65 167 API calls _strftime 47292->47773 47296 40ed16 47294->47296 47297 401e65 22 API calls 47296->47297 47298 40ed30 47297->47298 47299 401e65 22 API calls 47298->47299 47300 40ed49 47299->47300 47301 40edb6 47300->47301 47302 401e65 22 API calls 47300->47302 47303 40edc5 47301->47303 47308 40ef41 ___scrt_fastfail 47301->47308 47306 40ed5e _wcslen 47302->47306 47304 401e65 22 API calls 47303->47304 47310 40ee4a 47303->47310 47305 40edd7 47304->47305 47307 401e65 22 API calls 47305->47307 47306->47301 47311 401e65 22 API calls 47306->47311 47309 40ede9 47307->47309 47742 413733 RegOpenKeyExA RegQueryValueExA RegCloseKey 47308->47742 47314 401e65 22 API calls 47309->47314 47332 40ee45 ___scrt_fastfail 47310->47332 47312 40ed79 47311->47312 47315 401e65 22 API calls 47312->47315 47316 40edfb 47314->47316 47317 40ed8e 47315->47317 47319 401e65 22 API calls 47316->47319 47599 40da6f 47317->47599 47318 40ef8c 47320 401e65 22 API calls 47318->47320 47323 40ee24 47319->47323 47321 40efb1 47320->47321 47743 402093 47321->47743 47328 401e65 22 API calls 47323->47328 47325 401f13 28 API calls 47327 40edad 47325->47327 47331 401f09 11 API calls 47327->47331 47329 40ee35 47328->47329 47657 40ce34 47329->47657 47330 40efc3 47749 4137aa 14 API calls 47330->47749 47331->47301 47332->47310 47740 413982 31 API calls 47332->47740 47336 40efd9 47338 401e65 22 API calls 47336->47338 47337 40eede ctype 47340 401e65 22 API calls 47337->47340 47339 40efe5 47338->47339 47750 43bb2c 39 API calls _strftime 47339->47750 47343 40eef5 47340->47343 47342 40eff2 47344 40f01f 47342->47344 47751 41ce2c 86 API calls ___scrt_fastfail 47342->47751 47343->47318 47345 401e65 22 API calls 47343->47345 47349 402093 28 API calls 47344->47349 47347 40ef12 47345->47347 47350 41bcef 28 API calls 47347->47350 47348 40f003 CreateThread 47348->47344 48066 41d4ee 10 API calls 47348->48066 47351 40f034 47349->47351 47352 40ef1e 47350->47352 47353 402093 28 API calls 47351->47353 47741 40f4af 103 API calls 47352->47741 47355 40f043 47353->47355 47752 41b580 79 API calls 47355->47752 47356 40ef23 47356->47318 47358 40ef2a 47356->47358 47358->47245 47359 40f048 47360 401e65 22 API calls 47359->47360 47361 40f054 47360->47361 47362 401e65 22 API calls 47361->47362 47363 40f066 47362->47363 47364 401e65 22 API calls 47363->47364 47365 40f086 47364->47365 47753 43bb2c 39 API calls _strftime 47365->47753 47367 40f093 47368 401e65 22 API calls 47367->47368 47369 40f09e 47368->47369 47370 401e65 22 API calls 47369->47370 47371 40f0af 47370->47371 47372 401e65 22 API calls 47371->47372 47373 40f0c4 47372->47373 47374 401e65 22 API calls 47373->47374 47375 40f0d5 47374->47375 47376 40f0dc StrToIntA 47375->47376 47754 409e1f 169 API calls _wcslen 47376->47754 47378 40f0ee 47379 401e65 22 API calls 47378->47379 47380 40f0f7 47379->47380 47381 40f13c 47380->47381 47755 43455e 47380->47755 47384 401e65 22 API calls 47381->47384 47389 40f14c 47384->47389 47385 401e65 22 API calls 47386 40f11f 47385->47386 47387 40f126 CreateThread 47386->47387 47387->47381 48069 41a045 102 API calls 2 library calls 47387->48069 47388 40f194 47390 401e65 22 API calls 47388->47390 47389->47388 47391 43455e new 22 API calls 47389->47391 47396 40f19d 47390->47396 47392 40f161 47391->47392 47393 401e65 22 API calls 47392->47393 47394 40f173 47393->47394 47397 40f17a CreateThread 47394->47397 47395 40f207 47398 401e65 22 API calls 47395->47398 47396->47395 47399 401e65 22 API calls 47396->47399 47397->47388 48067 41a045 102 API calls 2 library calls 47397->48067 47402 40f210 47398->47402 47400 40f1b9 47399->47400 47403 401e65 22 API calls 47400->47403 47401 40f255 47765 41b69e 79 API calls 47401->47765 47402->47401 47406 401e65 22 API calls 47402->47406 47404 40f1ce 47403->47404 47762 40da23 31 API calls 47404->47762 47407 40f225 47406->47407 47412 401e65 22 API calls 47407->47412 47408 40f25e 47409 401f13 28 API calls 47408->47409 47411 40f269 47409->47411 47414 401f09 11 API calls 47411->47414 47416 40f23a 47412->47416 47413 40f1e1 47417 401f13 28 API calls 47413->47417 47415 40f272 CreateThread 47414->47415 47420 40f293 CreateThread 47415->47420 47421 40f29f 47415->47421 48068 40f7e2 120 API calls 47415->48068 47763 43bb2c 39 API calls _strftime 47416->47763 47419 40f1ed 47417->47419 47422 401f09 11 API calls 47419->47422 47420->47421 48070 412132 137 API calls 47420->48070 47423 40f2b4 47421->47423 47424 40f2a8 CreateThread 47421->47424 47426 40f1f6 CreateThread 47422->47426 47428 40f307 47423->47428 47430 402093 28 API calls 47423->47430 47424->47423 48064 412716 38 API calls ___scrt_fastfail 47424->48064 47426->47395 48065 401a6d 49 API calls _strftime 47426->48065 47427 40f247 47764 40c19d 7 API calls 47427->47764 47767 41353a RegOpenKeyExA RegQueryValueExA RegCloseKey 47428->47767 47431 40f2d7 47430->47431 47766 4052fd 28 API calls 47431->47766 47434 40f31f 47434->47289 47438 41bcef 28 API calls 47434->47438 47440 40f338 47438->47440 47768 413656 31 API calls 47440->47768 47444 40f34e 47445 401f09 11 API calls 47444->47445 47448 40f359 47445->47448 47446 40f381 DeleteFileW 47447 40f388 47446->47447 47446->47448 47447->47265 47448->47446 47448->47447 47449 40f36f Sleep 47448->47449 47449->47448 47450->47138 47451->47143 47452->47141 47453->47146 47454->47155 47455->47156 47456->47158 47457->47161 47458->47165 47459->47167 47460->47170 47461->47168 47463 434bb8 GetStartupInfoW 47462->47463 47463->47176 47465 44f0eb 47464->47465 47466 44f0e2 47464->47466 47465->47180 47469 44efd8 48 API calls 4 library calls 47466->47469 47468->47180 47469->47465 47471 41cc20 LoadLibraryA GetProcAddress 47470->47471 47472 41cc10 GetModuleHandleA GetProcAddress 47470->47472 47473 41cc49 44 API calls 47471->47473 47474 41cc39 LoadLibraryA GetProcAddress 47471->47474 47472->47471 47473->47184 47474->47473 47774 41b539 FindResourceA 47475->47774 47479 40f428 ctype 47784 4020b7 47479->47784 47482 401fe2 28 API calls 47483 40f44e 47482->47483 47484 401fd8 11 API calls 47483->47484 47485 40f457 47484->47485 47486 43bda0 _Yarn 21 API calls 47485->47486 47487 40f468 ctype 47486->47487 47790 406e13 47487->47790 47489 40f49b 47489->47186 47491 40210c 47490->47491 47492 4023ce 11 API calls 47491->47492 47493 402126 47492->47493 47494 402569 28 API calls 47493->47494 47495 402134 47494->47495 47495->47189 47827 4020df 47496->47827 47498 41bf2f 47499 401fd8 11 API calls 47498->47499 47500 41bf61 47499->47500 47502 401fd8 11 API calls 47500->47502 47501 41bf31 47843 4041a2 28 API calls 47501->47843 47505 41bf69 47502->47505 47506 401fd8 11 API calls 47505->47506 47508 40ea5f 47506->47508 47507 41bf3d 47509 401fe2 28 API calls 47507->47509 47518 40fb52 47508->47518 47511 41bf46 47509->47511 47510 401fe2 28 API calls 47517 41bebf 47510->47517 47512 401fd8 11 API calls 47511->47512 47514 41bf4e 47512->47514 47513 401fd8 11 API calls 47513->47517 47515 41cec5 28 API calls 47514->47515 47515->47498 47517->47498 47517->47501 47517->47510 47517->47513 47831 4041a2 28 API calls 47517->47831 47832 41cec5 47517->47832 47519 40fb5e 47518->47519 47521 40fb65 47518->47521 47869 402163 11 API calls 47519->47869 47521->47194 47523 402163 47522->47523 47524 40219f 47523->47524 47870 402730 11 API calls 47523->47870 47524->47196 47526 402184 47871 402712 11 API calls std::_Deallocate 47526->47871 47529 401e6d 47528->47529 47530 401e75 47529->47530 47872 402158 22 API calls 47529->47872 47530->47201 47534 4020df 11 API calls 47533->47534 47535 40532a 47534->47535 47873 4032a0 47535->47873 47537 405346 47537->47209 47878 4051ef 47538->47878 47540 406391 47882 402055 47540->47882 47543 401fe2 47544 401ff1 47543->47544 47551 402039 47543->47551 47545 4023ce 11 API calls 47544->47545 47546 401ffa 47545->47546 47547 40203c 47546->47547 47548 402015 47546->47548 47549 40267a 11 API calls 47547->47549 47897 403098 28 API calls 47548->47897 47549->47551 47552 401fd8 47551->47552 47553 4023ce 11 API calls 47552->47553 47554 401fe1 47553->47554 47554->47222 47556 401fd2 47555->47556 47557 401fc9 47555->47557 47556->47227 47898 4025e0 28 API calls 47557->47898 47899 401fab 47559->47899 47561 40d0ae CreateMutexA GetLastError 47561->47243 47900 41c048 47562->47900 47567 401fe2 28 API calls 47568 41b390 47567->47568 47569 401fd8 11 API calls 47568->47569 47570 41b398 47569->47570 47571 4135e1 31 API calls 47570->47571 47573 41b3ee 47570->47573 47572 41b3c1 47571->47572 47574 41b3cc StrToIntA 47572->47574 47573->47249 47575 41b3e3 47574->47575 47576 41b3da 47574->47576 47578 401fd8 11 API calls 47575->47578 47908 41cffa 22 API calls 47576->47908 47578->47573 47580 407765 47579->47580 47581 413584 3 API calls 47580->47581 47582 40776c 47581->47582 47582->47260 47582->47261 47584 41bd03 47583->47584 47909 40b93f 47584->47909 47586 41bd0b 47586->47276 47588 401f22 47587->47588 47589 401f6a 47587->47589 47590 402252 11 API calls 47588->47590 47596 401f09 47589->47596 47591 401f2b 47590->47591 47592 401f6d 47591->47592 47593 401f46 47591->47593 47942 402336 47592->47942 47941 40305c 28 API calls 47593->47941 47597 402252 11 API calls 47596->47597 47598 401f12 47597->47598 47598->47288 47946 401f86 47599->47946 47602 40dae0 47607 41c048 GetCurrentProcess 47602->47607 47603 40daab 47956 41b645 29 API calls 47603->47956 47604 40daa1 47606 40dbd4 GetLongPathNameW 47604->47606 47950 40417e 47606->47950 47608 40dae5 47607->47608 47611 40dae9 47608->47611 47612 40db3b 47608->47612 47609 40dab4 47613 401f13 28 API calls 47609->47613 47616 40417e 28 API calls 47611->47616 47615 40417e 28 API calls 47612->47615 47652 40dabe 47613->47652 47619 40db49 47615->47619 47620 40daf7 47616->47620 47617 40417e 28 API calls 47618 40dbf8 47617->47618 47959 40de0c 28 API calls 47618->47959 47625 40417e 28 API calls 47619->47625 47626 40417e 28 API calls 47620->47626 47622 401f09 11 API calls 47622->47604 47623 40dc0b 47960 402fa5 28 API calls 47623->47960 47628 40db5f 47625->47628 47629 40db0d 47626->47629 47627 40dc16 47961 402fa5 28 API calls 47627->47961 47958 402fa5 28 API calls 47628->47958 47957 402fa5 28 API calls 47629->47957 47633 40dc20 47636 401f09 11 API calls 47633->47636 47634 40db6a 47637 401f13 28 API calls 47634->47637 47635 40db18 47638 401f13 28 API calls 47635->47638 47639 40dc2a 47636->47639 47640 40db75 47637->47640 47641 40db23 47638->47641 47642 401f09 11 API calls 47639->47642 47643 401f09 11 API calls 47640->47643 47644 401f09 11 API calls 47641->47644 47645 40dc33 47642->47645 47646 40db7e 47643->47646 47647 40db2c 47644->47647 47648 401f09 11 API calls 47645->47648 47649 401f09 11 API calls 47646->47649 47650 401f09 11 API calls 47647->47650 47651 40dc3c 47648->47651 47649->47652 47650->47652 47653 401f09 11 API calls 47651->47653 47652->47622 47654 40dc45 47653->47654 47655 401f09 11 API calls 47654->47655 47656 40dc4e 47655->47656 47656->47325 47658 40ce47 _wcslen 47657->47658 47659 40ce51 47658->47659 47660 40ce9b 47658->47660 47663 40ce5a CreateDirectoryW 47659->47663 47661 40da6f 31 API calls 47660->47661 47662 40cead 47661->47662 47664 401f13 28 API calls 47662->47664 47963 409196 47663->47963 47666 40ce99 47664->47666 47669 401f09 11 API calls 47666->47669 47667 40ce76 47997 403014 47667->47997 47674 40cec4 47669->47674 47671 401f13 28 API calls 47672 40ce90 47671->47672 47673 401f09 11 API calls 47672->47673 47673->47666 47675 40cefa 47674->47675 47676 40cedd 47674->47676 47677 40cf03 CopyFileW 47675->47677 47678 40cd48 31 API calls 47676->47678 47679 40cfd4 47677->47679 47680 40cf15 _wcslen 47677->47680 47713 40ceee 47678->47713 47970 40cd48 47679->47970 47680->47679 47683 40cf31 47680->47683 47684 40cf84 47680->47684 47688 40da6f 31 API calls 47683->47688 47687 40da6f 31 API calls 47684->47687 47685 40d01a 47690 40d062 CloseHandle 47685->47690 47696 40417e 28 API calls 47685->47696 47686 40cfee 47694 40cff7 SetFileAttributesW 47686->47694 47691 40cf8a 47687->47691 47689 40cf37 47688->47689 47693 401f13 28 API calls 47689->47693 47996 401f04 47690->47996 47692 401f13 28 API calls 47691->47692 47726 40cf7e 47692->47726 47697 40cf43 47693->47697 47710 40d006 _wcslen 47694->47710 47699 40d030 47696->47699 47700 401f09 11 API calls 47697->47700 47698 40d07e ShellExecuteW 47701 40d091 47698->47701 47702 40d09b ExitProcess 47698->47702 47703 41bcef 28 API calls 47699->47703 47705 40cf4c 47700->47705 47706 40d0a4 CreateMutexA GetLastError 47701->47706 47707 40d043 47703->47707 47704 401f09 11 API calls 47708 40cf9c 47704->47708 47709 409196 28 API calls 47705->47709 47706->47713 48003 41384f RegCreateKeyW 47707->48003 47715 40cfa8 CreateDirectoryW 47708->47715 47711 40cf60 47709->47711 47710->47685 47712 40d017 SetFileAttributesW 47710->47712 47716 403014 28 API calls 47711->47716 47712->47685 47713->47332 48002 401f04 47715->48002 47719 40cf6c 47716->47719 47722 401f13 28 API calls 47719->47722 47720 401f09 11 API calls 47720->47690 47724 40cf75 47722->47724 47725 401f09 11 API calls 47724->47725 47725->47726 47726->47704 47727->47202 47728->47210 47729->47214 47731->47235 47733 4135ae RegQueryValueExA RegCloseKey 47732->47733 47734 40ebdf 47732->47734 47733->47734 47734->47232 47734->47250 47735->47240 47736->47268 47737->47260 47738->47252 47739->47267 47740->47337 47741->47356 47742->47318 47744 40209b 47743->47744 47745 4023ce 11 API calls 47744->47745 47746 4020a6 47745->47746 48056 4024ed 47746->48056 47749->47336 47750->47342 47751->47348 47752->47359 47753->47367 47754->47378 47759 434563 47755->47759 47756 43bda0 _Yarn 21 API calls 47756->47759 47757 40f10c 47757->47385 47759->47756 47759->47757 48060 443001 7 API calls 2 library calls 47759->48060 48061 434c99 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 47759->48061 48062 4352fb RaiseException Concurrency::cancel_current_task __CxxThrowException@8 47759->48062 47762->47413 47763->47427 47764->47401 47765->47408 47767->47434 47768->47444 47769->47259 47771->47280 47772->47292 48063 41ada8 104 API calls 47773->48063 47775 41b556 LoadResource LockResource SizeofResource 47774->47775 47776 40f419 47774->47776 47775->47776 47777 43bda0 47776->47777 47783 4461b8 __Getctype 47777->47783 47778 4461f6 47794 44062d 20 API calls _Atexit 47778->47794 47780 4461e1 RtlAllocateHeap 47781 4461f4 47780->47781 47780->47783 47781->47479 47783->47778 47783->47780 47793 443001 7 API calls 2 library calls 47783->47793 47785 4020bf 47784->47785 47795 4023ce 47785->47795 47787 4020ca 47799 40250a 47787->47799 47789 4020d9 47789->47482 47791 4020b7 28 API calls 47790->47791 47792 406e27 47791->47792 47792->47489 47793->47783 47794->47781 47796 402428 47795->47796 47797 4023d8 47795->47797 47796->47787 47797->47796 47806 4027a7 11 API calls std::_Deallocate 47797->47806 47800 40251a 47799->47800 47801 402520 47800->47801 47802 402535 47800->47802 47807 402569 47801->47807 47817 4028e8 28 API calls 47802->47817 47805 402533 47805->47789 47806->47796 47818 402888 47807->47818 47809 40257d 47810 402592 47809->47810 47811 4025a7 47809->47811 47823 402a34 22 API calls 47810->47823 47825 4028e8 28 API calls 47811->47825 47814 40259b 47824 4029da 22 API calls 47814->47824 47816 4025a5 47816->47805 47817->47805 47819 402890 47818->47819 47820 402898 47819->47820 47826 402ca3 22 API calls 47819->47826 47820->47809 47823->47814 47824->47816 47825->47816 47828 4020e7 47827->47828 47829 4023ce 11 API calls 47828->47829 47830 4020f2 47829->47830 47830->47517 47831->47517 47833 41ced2 47832->47833 47834 41cf31 47833->47834 47838 41cee2 47833->47838 47835 41cf4b 47834->47835 47836 41d071 28 API calls 47834->47836 47853 41d1d7 28 API calls 47835->47853 47836->47835 47839 41cf1a 47838->47839 47844 41d071 47838->47844 47852 41d1d7 28 API calls 47839->47852 47840 41cf2d 47840->47517 47843->47507 47846 41d079 47844->47846 47845 41d0ab 47845->47839 47846->47845 47847 41d0af 47846->47847 47850 41d093 47846->47850 47864 402725 22 API calls 47847->47864 47854 41d0e2 47850->47854 47852->47840 47853->47840 47855 41d0ec __EH_prolog 47854->47855 47865 402717 22 API calls 47855->47865 47857 41d0ff 47866 41d1ee 11 API calls 47857->47866 47859 41d125 47860 41d15d 47859->47860 47867 402730 11 API calls 47859->47867 47860->47845 47862 41d144 47868 402712 11 API calls std::_Deallocate 47862->47868 47865->47857 47866->47859 47867->47862 47868->47860 47869->47521 47870->47526 47871->47524 47874 4032aa 47873->47874 47875 4032c9 47874->47875 47877 4028e8 28 API calls 47874->47877 47875->47537 47877->47875 47879 4051fb 47878->47879 47888 405274 47879->47888 47881 405208 47881->47540 47883 402061 47882->47883 47884 4023ce 11 API calls 47883->47884 47885 40207b 47884->47885 47893 40267a 47885->47893 47889 405282 47888->47889 47892 4028a4 22 API calls 47889->47892 47894 40268b 47893->47894 47895 4023ce 11 API calls 47894->47895 47896 40208d 47895->47896 47896->47543 47897->47551 47898->47556 47901 41b362 47900->47901 47902 41c055 GetCurrentProcess 47900->47902 47903 4135e1 RegOpenKeyExA 47901->47903 47902->47901 47904 41360f RegQueryValueExA RegCloseKey 47903->47904 47905 413639 47903->47905 47904->47905 47906 402093 28 API calls 47905->47906 47907 41364e 47906->47907 47907->47567 47908->47575 47910 40b947 47909->47910 47915 402252 47910->47915 47912 40b952 47919 40b967 47912->47919 47914 40b961 47914->47586 47916 4022ac 47915->47916 47917 40225c 47915->47917 47916->47912 47917->47916 47926 402779 11 API calls std::_Deallocate 47917->47926 47920 40b9a1 47919->47920 47921 40b973 47919->47921 47938 4028a4 22 API calls 47920->47938 47927 4027e6 47921->47927 47925 40b97d 47925->47914 47926->47916 47928 4027ef 47927->47928 47929 402851 47928->47929 47930 4027f9 47928->47930 47940 4028a4 22 API calls 47929->47940 47933 402802 47930->47933 47934 402815 47930->47934 47939 402aea 28 API calls __EH_prolog 47933->47939 47935 402813 47934->47935 47937 402252 11 API calls 47934->47937 47935->47925 47937->47935 47939->47935 47941->47589 47943 402347 47942->47943 47944 402252 11 API calls 47943->47944 47945 4023c7 47944->47945 47945->47589 47947 401f8e 47946->47947 47948 402252 11 API calls 47947->47948 47949 401f99 47948->47949 47949->47602 47949->47603 47949->47604 47951 404186 47950->47951 47952 402252 11 API calls 47951->47952 47953 404191 47952->47953 47962 4041bc 28 API calls 47953->47962 47955 40419c 47955->47617 47956->47609 47957->47635 47958->47634 47959->47623 47960->47627 47961->47633 47962->47955 47964 401f86 11 API calls 47963->47964 47965 4091a2 47964->47965 48009 40314c 47965->48009 47967 4091bf 48013 40325d 47967->48013 47969 4091c7 47969->47667 47971 40cdaa 47970->47971 47972 40cd6e 47970->47972 47974 40cdeb 47971->47974 47975 40b9b7 28 API calls 47971->47975 48027 40b9b7 47972->48027 47977 40ce2c 47974->47977 47980 40b9b7 28 API calls 47974->47980 47978 40cdc1 47975->47978 47977->47685 47977->47686 47981 403014 28 API calls 47978->47981 47979 403014 28 API calls 47982 40cd8a 47979->47982 47983 40ce02 47980->47983 47984 40cdcb 47981->47984 47985 41384f 14 API calls 47982->47985 47986 403014 28 API calls 47983->47986 47987 41384f 14 API calls 47984->47987 47988 40cd9e 47985->47988 47989 40ce0c 47986->47989 47990 40cddf 47987->47990 47991 401f09 11 API calls 47988->47991 47992 41384f 14 API calls 47989->47992 47993 401f09 11 API calls 47990->47993 47991->47971 47994 40ce20 47992->47994 47993->47974 47995 401f09 11 API calls 47994->47995 47995->47977 48034 403222 47997->48034 47999 403022 48038 403262 47999->48038 48004 4138a1 48003->48004 48005 413864 48003->48005 48006 401f09 11 API calls 48004->48006 48008 41387d RegSetValueExW RegCloseKey 48005->48008 48007 40d056 48006->48007 48007->47720 48008->48004 48010 403156 48009->48010 48011 4027e6 28 API calls 48010->48011 48012 403175 48010->48012 48011->48012 48012->47967 48014 40323f 48013->48014 48017 4036a6 48014->48017 48016 40324c 48016->47969 48018 402888 22 API calls 48017->48018 48019 4036b9 48018->48019 48020 40372c 48019->48020 48021 4036de 48019->48021 48026 4028a4 22 API calls 48020->48026 48024 4027e6 28 API calls 48021->48024 48025 4036f0 48021->48025 48024->48025 48025->48016 48028 401f86 11 API calls 48027->48028 48029 40b9c3 48028->48029 48030 40314c 28 API calls 48029->48030 48031 40b9df 48030->48031 48032 40325d 28 API calls 48031->48032 48033 40b9f2 48032->48033 48033->47979 48035 40322e 48034->48035 48044 403618 48035->48044 48037 40323b 48037->47999 48039 40326e 48038->48039 48040 402252 11 API calls 48039->48040 48041 403288 48040->48041 48042 402336 11 API calls 48041->48042 48043 403031 48042->48043 48043->47671 48045 403626 48044->48045 48046 403644 48045->48046 48047 40362c 48045->48047 48048 40365c 48046->48048 48049 40369e 48046->48049 48050 4036a6 28 API calls 48047->48050 48051 403642 48048->48051 48053 4027e6 28 API calls 48048->48053 48055 4028a4 22 API calls 48049->48055 48050->48051 48051->48037 48053->48051 48057 4024f9 48056->48057 48058 40250a 28 API calls 48057->48058 48059 4020b1 48058->48059 48059->47330 48060->47759 48071 412829 61 API calls 48070->48071 48072 43bea8 48075 43beb4 _swprintf CallCatchBlock 48072->48075 48073 43bec2 48088 44062d 20 API calls _Atexit 48073->48088 48075->48073 48076 43beec 48075->48076 48083 445909 EnterCriticalSection 48076->48083 48078 43bef7 48084 43bf98 48078->48084 48079 43bec7 _Atexit CallCatchBlock 48083->48078 48085 43bfa6 48084->48085 48087 43bf02 48085->48087 48090 4497ec 36 API calls 2 library calls 48085->48090 48089 43bf1f LeaveCriticalSection std::_Lockit::~_Lockit 48087->48089 48088->48079 48089->48079 48090->48085 48091 40165e 48092 401666 48091->48092 48093 401669 48091->48093 48094 4016a8 48093->48094 48096 401696 48093->48096 48095 43455e new 22 API calls 48094->48095 48098 40169c 48095->48098 48097 43455e new 22 API calls 48096->48097 48097->48098

                                Executed Functions

                                Function 0041CBE1 Relevance: 148.9, APIs: 52, Strings: 33, Instructions: 176libraryloaderCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • LoadLibraryA.KERNELBASE(Psapi,GetProcessImageFileNameW,?,?,?,?,0040EA1C), ref: 0041CBF6
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CBFF
                                • GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,?,0040EA1C), ref: 0041CC16
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC19
                                • LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040EA1C), ref: 0041CC2B
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC2E
                                • LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,?,0040EA1C), ref: 0041CC3F
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC42
                                • LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,?,0040EA1C), ref: 0041CC54
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC57
                                • LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,?,0040EA1C), ref: 0041CC63
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC66
                                • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040EA1C), ref: 0041CC77
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC7A
                                • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040EA1C), ref: 0041CC8B
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CC8E
                                • LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040EA1C), ref: 0041CC9F
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CCA2
                                • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040EA1C), ref: 0041CCB3
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CCB6
                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040EA1C), ref: 0041CCC7
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CCCA
                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040EA1C), ref: 0041CCDB
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CCDE
                                • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040EA1C), ref: 0041CCEF
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CCF2
                                • GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,?,0040EA1C), ref: 0041CD03
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD06
                                • LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,?,0040EA1C), ref: 0041CD14
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD17
                                • LoadLibraryA.KERNEL32(kernel32,GetConsoleWindow,?,?,?,?,0040EA1C), ref: 0041CD28
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD2B
                                • GetModuleHandleA.KERNEL32(ntdll,NtSuspendProcess,?,?,?,?,0040EA1C), ref: 0041CD38
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD3B
                                • GetModuleHandleA.KERNEL32(ntdll,NtResumeProcess,?,?,?,?,0040EA1C), ref: 0041CD48
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD4B
                                • LoadLibraryA.KERNELBASE(Iphlpapi,GetExtendedTcpTable,?,?,?,?,0040EA1C), ref: 0041CD5D
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD60
                                • LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedUdpTable,?,?,?,?,0040EA1C), ref: 0041CD6D
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD70
                                • GetModuleHandleA.KERNEL32(ntdll,NtQueryInformationProcess,?,?,?,?,0040EA1C), ref: 0041CD81
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD84
                                • GetModuleHandleA.KERNEL32(kernel32,GetFinalPathNameByHandleW,?,?,?,?,0040EA1C), ref: 0041CD95
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CD98
                                • LoadLibraryA.KERNELBASE(Rstrtmgr,RmStartSession,?,?,?,?,0040EA1C), ref: 0041CDAA
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CDAD
                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmRegisterResources,?,?,?,?,0040EA1C), ref: 0041CDBA
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CDBD
                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmGetList,?,?,?,?,0040EA1C), ref: 0041CDCA
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CDCD
                                • LoadLibraryA.KERNEL32(Rstrtmgr,RmEndSession,?,?,?,?,0040EA1C), ref: 0041CDDA
                                • GetProcAddress.KERNEL32(00000000), ref: 0041CDDD
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressProc$LibraryLoad$HandleModule
                                • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetConsoleWindow$GetExtendedTcpTable$GetExtendedUdpTable$GetFinalPathNameByHandleW$GetMonitorInfoW$GetProcessImageFileNameW$GetSystemTimes$GlobalMemoryStatusEx$Iphlpapi$IsUserAnAdmin$IsWow64Process$Kernel32$NtQueryInformationProcess$NtResumeProcess$NtSuspendProcess$NtUnmapViewOfSection$Psapi$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$Rstrtmgr$SetProcessDEPPolicy$SetProcessDpiAwareness$Shell32$Shlwapi$kernel32$ntdll$shcore$user32
                                • API String ID: 4236061018-3687161714
                                • Opcode ID: 5fded5d77b72a202610b087cc82529c2f7d7b10a8ab2824fd38dfad8e3bd9f71
                                • Instruction ID: 9b463eec3a0437fb1f175c53e93b0f4db36c95b88d1cb607187732a7b05a7934
                                • Opcode Fuzzy Hash: 5fded5d77b72a202610b087cc82529c2f7d7b10a8ab2824fd38dfad8e3bd9f71
                                • Instruction Fuzzy Hash: E2418BA0E8035879DB207BB65D89E3B3E5CD9857953614837B44C93550EBBCEC408EAE
                                Function 0040EA00 Relevance: 69.0, APIs: 14, Strings: 25, Instructions: 795COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 5 40ea00-40ea82 call 41cbe1 GetModuleFileNameW call 40f3fe call 4020f6 * 2 call 41beac call 40fb52 call 401e8d call 43fd50 22 40ea84-40eac9 call 40fbee call 401e65 call 401fab call 410f72 call 40fb9f call 40f3eb 5->22 23 40eace-40eb96 call 401e65 call 401fab call 401e65 call 40531e call 406383 call 401fe2 call 401fd8 * 2 call 401e65 call 401fc0 call 405aa6 call 401e65 call 4051e3 call 401e65 call 4051e3 5->23 49 40ef2d-40ef3e call 401fd8 22->49 69 40eb98-40ebe3 call 406c59 call 401fe2 call 401fd8 call 401fab call 413584 23->69 70 40ebe9-40ec04 call 401e65 call 40b9f8 23->70 69->70 102 40f38a-40f3a5 call 401fab call 4139e4 call 4124b0 69->102 80 40ec06-40ec25 call 401fab call 413584 70->80 81 40ec3e-40ec45 call 40d0a4 70->81 80->81 98 40ec27-40ec3d call 401fab call 4139e4 80->98 90 40ec47-40ec49 81->90 91 40ec4e-40ec55 81->91 94 40ef2c 90->94 95 40ec57 91->95 96 40ec59-40ec65 call 41b354 91->96 94->49 95->96 103 40ec67-40ec69 96->103 104 40ec6e-40ec72 96->104 98->81 123 40f3aa-40f3db call 41bcef call 401f04 call 413a5e call 401f09 * 2 102->123 103->104 107 40ecb1-40ecc4 call 401e65 call 401fab 104->107 108 40ec74 call 407751 104->108 128 40ecc6 call 407790 107->128 129 40eccb-40ed53 call 401e65 call 41bcef call 401f13 call 401f09 call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab 107->129 117 40ec79-40ec7b 108->117 120 40ec87-40ec9a call 401e65 call 401fab 117->120 121 40ec7d-40ec82 call 407773 call 40729b 117->121 120->107 141 40ec9c-40eca2 120->141 121->120 157 40f3e0-40f3ea call 40dd7d call 414f65 123->157 128->129 177 40ed55-40ed6e call 401e65 call 401fab call 43bb56 129->177 178 40edbb-40edbf 129->178 141->107 144 40eca4-40ecaa 141->144 144->107 147 40ecac call 40729b 144->147 147->107 177->178 205 40ed70-40ed9c call 401e65 call 401fab call 401e65 call 401fab call 40da6f 177->205 180 40ef41-40efa1 call 436f10 call 40247c call 401fab * 2 call 413733 call 409092 178->180 181 40edc5-40edcc 178->181 236 40efa6-40effa call 401e65 call 401fab call 402093 call 401fab call 4137aa call 401e65 call 401fab call 43bb2c 180->236 184 40ee4a-40ee54 call 409092 181->184 185 40edce-40ee40 call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab call 40ce34 181->185 192 40ee59-40ee7d call 40247c call 434829 184->192 271 40ee45-40ee48 185->271 212 40ee8c 192->212 213 40ee7f-40ee8a call 436f10 192->213 247 40eda1-40edb6 call 401f13 call 401f09 205->247 215 40ee8e-40ef03 call 401f04 call 43f859 call 40247c call 401fab call 40247c call 401fab call 413982 call 434832 call 401e65 call 40b9f8 212->215 213->215 215->236 286 40ef09-40ef28 call 401e65 call 41bcef call 40f4af 215->286 287 40f017-40f019 236->287 288 40effc 236->288 247->178 271->192 286->236 306 40ef2a 286->306 290 40f01b-40f01d 287->290 291 40f01f 287->291 289 40effe-40f015 call 41ce2c CreateThread 288->289 294 40f025-40f101 call 402093 * 2 call 41b580 call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab call 43bb2c call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab call 401e65 call 401fab StrToIntA call 409e1f call 401e65 call 401fab 289->294 290->289 291->294 344 40f103-40f13a call 43455e call 401e65 call 401fab CreateThread 294->344 345 40f13c 294->345 306->94 347 40f13e-40f156 call 401e65 call 401fab 344->347 345->347 357 40f194-40f1a7 call 401e65 call 401fab 347->357 358 40f158-40f18f call 43455e call 401e65 call 401fab CreateThread 347->358 368 40f207-40f21a call 401e65 call 401fab 357->368 369 40f1a9-40f202 call 401e65 call 401fab call 401e65 call 401fab call 40da23 call 401f13 call 401f09 CreateThread 357->369 358->357 379 40f255-40f279 call 41b69e call 401f13 call 401f09 368->379 380 40f21c-40f250 call 401e65 call 401fab call 401e65 call 401fab call 43bb2c call 40c19d 368->380 369->368 400 40f27b 379->400 401 40f27e-40f291 CreateThread 379->401 380->379 400->401 404 40f293-40f29d CreateThread 401->404 405 40f29f-40f2a6 401->405 404->405 408 40f2b4-40f2bb 405->408 409 40f2a8-40f2b2 CreateThread 405->409 412 40f2c9 408->412 413 40f2bd-40f2c0 408->413 409->408 418 40f2ce-40f302 call 402093 call 4052fd call 402093 call 41b580 call 401fd8 412->418 415 40f2c2-40f2c7 413->415 416 40f307-40f322 call 401fab call 41353a 413->416 415->418 416->157 428 40f328-40f368 call 41bcef call 401f04 call 413656 call 401f09 call 401f04 416->428 418->416 443 40f381-40f386 DeleteFileW 428->443 444 40f388 443->444 445 40f36a-40f36d 443->445 444->123 445->123 446 40f36f-40f37c Sleep call 401f04 445->446 446->443
                                APIs
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNELBASE(Psapi,GetProcessImageFileNameW,?,?,?,?,0040EA1C), ref: 0041CBF6
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CBFF
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,?,0040EA1C), ref: 0041CC16
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC19
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040EA1C), ref: 0041CC2B
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC2E
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,?,0040EA1C), ref: 0041CC3F
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC42
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,?,0040EA1C), ref: 0041CC54
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC57
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,?,0040EA1C), ref: 0041CC63
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC66
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040EA1C), ref: 0041CC77
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC7A
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040EA1C), ref: 0041CC8B
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CC8E
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040EA1C), ref: 0041CC9F
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CCA2
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040EA1C), ref: 0041CCB3
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CCB6
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040EA1C), ref: 0041CCC7
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CCCA
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040EA1C), ref: 0041CCDB
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CCDE
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040EA1C), ref: 0041CCEF
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CCF2
                                  • Part of subcall function 0041CBE1: GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,?,0040EA1C), ref: 0041CD03
                                  • Part of subcall function 0041CBE1: GetProcAddress.KERNEL32(00000000), ref: 0041CD06
                                  • Part of subcall function 0041CBE1: LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,?,0040EA1C), ref: 0041CD14
                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\NEW ORDER- 4788467.exe,00000104), ref: 0040EA29
                                  • Part of subcall function 00410F72: __EH_prolog.LIBCMT ref: 00410F77
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressProc$Module$Handle$LibraryLoad$FileH_prologName
                                • String ID: (TG$0SG$0SG$Access Level: $Administrator$C:\Users\user\Desktop\NEW ORDER- 4788467.exe$Exe$HSG$HSG$Inj$Remcos Agent initialized$Software\$User$`SG$del$del$exepath$licence$license_code.txt$tMG$RG$RG$RG$RG$RG
                                • API String ID: 2830904901-595617793
                                • Opcode ID: 1e32a1f6e75171ea22aac4dcf6dddc777dc792ca77acdf873412a46b644a0f45
                                • Instruction ID: 744eeac4272eceb7f63ef51a6efbfa797c3f505d1bd04c543663c5f487e0f2b9
                                • Opcode Fuzzy Hash: 1e32a1f6e75171ea22aac4dcf6dddc777dc792ca77acdf873412a46b644a0f45
                                • Instruction Fuzzy Hash: 7D32D860B043416BDA14B7729C57B6E26994F80748F40483FB9467F2E3EEBD8D45839E
                                Function 0040CE34 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 203fileCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • _wcslen.LIBCMT ref: 0040CE42
                                • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,00000000,?,004750F4,0000000E,00000027,0000000D,00000033,00000000,00000032,00000000,Exe,00000000,0000000E), ref: 0040CE5B
                                • CopyFileW.KERNELBASE(C:\Users\user\Desktop\NEW ORDER- 4788467.exe,00000000,00000000,00000000,00000000,00000000,?,004750F4,0000000E,00000027,0000000D,00000033,00000000,00000032,00000000,Exe), ref: 0040CF0B
                                • _wcslen.LIBCMT ref: 0040CF21
                                • CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 0040CFA9
                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\NEW ORDER- 4788467.exe,00000000,00000000), ref: 0040CFBF
                                • SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040CFFE
                                • _wcslen.LIBCMT ref: 0040D001
                                • SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040D018
                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004750F4,0000000E), ref: 0040D068
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00466478,00466478,00000001), ref: 0040D086
                                • ExitProcess.KERNEL32 ref: 0040D09D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$_wcslen$AttributesCopyCreateDirectory$CloseExecuteExitHandleProcessShell
                                • String ID: 6$C:\Users\user\Desktop\NEW ORDER- 4788467.exe$del$open$RG$RG
                                • API String ID: 1579085052-2320746925
                                • Opcode ID: 9da61e2a0b324435381bfde1bec6712cc34e37c223cfcc10cddbbcfabc61535f
                                • Instruction ID: ff97e746579a928a3d51456624c9bd3823d06e613cf3e42bd6c526c8f9e3827f
                                • Opcode Fuzzy Hash: 9da61e2a0b324435381bfde1bec6712cc34e37c223cfcc10cddbbcfabc61535f
                                • Instruction Fuzzy Hash: 8051C620208302ABD615B7769C92A6F67999F84719F10443FF609BA1E3EF7C9C05866E
                                Function 0040DA6F Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 139COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetLongPathNameW.KERNELBASE(00000000,?,00000208), ref: 0040DBD5
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: LongNamePath
                                • String ID: AppData$ProgramData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                • API String ID: 82841172-425784914
                                • Opcode ID: 950a4878188ae2012b00d44a81afeff5ed8279e2648f5b64c50455368fdb8d40
                                • Instruction ID: db29472287e64cad03ac4489520097095d7cef5d056ecb8d0020da3553efca3c
                                • Opcode Fuzzy Hash: 950a4878188ae2012b00d44a81afeff5ed8279e2648f5b64c50455368fdb8d40
                                • Instruction Fuzzy Hash: 0A4151715082019AC205F765DC96CAAB7B8AE90758F10053FB146B20E2FFBCAE4DC65B
                                Function 0041B354 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61COMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                  • Part of subcall function 0041C048: GetCurrentProcess.KERNEL32(?,?,?,0040DAE5,WinDir,00000000,00000000), ref: 0041C059
                                  • Part of subcall function 004135E1: RegOpenKeyExA.KERNELBASE(80000001,00000400,00000000,00020019,?), ref: 00413605
                                  • Part of subcall function 004135E1: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00413622
                                  • Part of subcall function 004135E1: RegCloseKey.KERNELBASE(?), ref: 0041362D
                                • StrToIntA.SHLWAPI(00000000,0046CA08,00000000,00000000,00000000,004750F4,00000003,Exe,00000000,0000000E,00000000,004660CC,00000003,00000000), ref: 0041B3CD
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseCurrentOpenProcessQueryValue
                                • String ID: (32 bit)$ (64 bit)$CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                • API String ID: 1866151309-2070987746
                                • Opcode ID: af5a1c10c4e4d4d1bcff49d9d0ea1b51456780ad904b9fb85b61f30d16b2fa3b
                                • Instruction ID: 99e2d84e4b8fa31c947f893a9fcbf762d6d1118dcb79bce5eaccee633664c5dc
                                • Opcode Fuzzy Hash: af5a1c10c4e4d4d1bcff49d9d0ea1b51456780ad904b9fb85b61f30d16b2fa3b
                                • Instruction Fuzzy Hash: 0311C47064414926C700F7659C97BFF76198B80304F94453BF806A71D3FB6C598683EE
                                Function 0041384F Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39registryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 656 41384f-413862 RegCreateKeyW 657 4138a1 656->657 658 413864-41389f call 40247c call 401f04 RegSetValueExW RegCloseKey 656->658 659 4138a3-4138b1 call 401f09 657->659 658->659
                                APIs
                                • RegCreateKeyW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,?), ref: 0041385A
                                • RegSetValueExW.KERNELBASE(?,00000000,00000000,00000001,00000000,00000000,?,?,?,?,00000000,004752E8,76F937E0,?), ref: 00413888
                                • RegCloseKey.ADVAPI32(?,?,?,?,?,00000000,004752E8,76F937E0,?,?,?,?,?,0040CFE5,?,00000000), ref: 00413893
                                Strings
                                • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 00413858
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseCreateValue
                                • String ID: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
                                • API String ID: 1818849710-1051519024
                                • Opcode ID: 4130c156bc7d53422bd274e0503f6f5712380358a0a777b589ce21756e596352
                                • Instruction ID: 9133f253890910ff78e8f434c24b82038cc7026402723a24ca4ec17c3e6d8cb5
                                • Opcode Fuzzy Hash: 4130c156bc7d53422bd274e0503f6f5712380358a0a777b589ce21756e596352
                                • Instruction Fuzzy Hash: 15F0C271440218FBCF00AFA1EC45FEE376CEF00756F10452AF905A61A1E7759E04DA94
                                Function 0040D0A4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13synchronizationCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 666 40d0a4-40d0d0 call 401fab CreateMutexA GetLastError
                                APIs
                                • CreateMutexA.KERNELBASE(00000000,00000001,00000000,0040EC43,0000000D,00000033,00000000,00000032,00000000,Exe,00000000,0000000E,00000000,004660CC,00000003,00000000), ref: 0040D0B3
                                • GetLastError.KERNEL32 ref: 0040D0BE
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateErrorLastMutex
                                • String ID: 0SG
                                • API String ID: 1925916568-2718230054
                                • Opcode ID: aba24bfd7e8b808837b934fb3074bb655e41bd047bfda9aafcf34366fa62f390
                                • Instruction ID: 897831e38bae895769414ba5eaefcaa992d87aaaa8244aa01aad5f1db7de32a1
                                • Opcode Fuzzy Hash: aba24bfd7e8b808837b934fb3074bb655e41bd047bfda9aafcf34366fa62f390
                                • Instruction Fuzzy Hash: 62D012B0614301EBDB0467709C5975936559B44702F50487AB50BD95F1CBFC88D08519
                                Function 004135E1 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 669 4135e1-41360d RegOpenKeyExA 670 413642 669->670 671 41360f-413637 RegQueryValueExA RegCloseKey 669->671 672 413644 670->672 671->672 673 413639-413640 671->673 674 413649-413655 call 402093 672->674 673->674
                                APIs
                                • RegOpenKeyExA.KERNELBASE(80000001,00000400,00000000,00020019,?), ref: 00413605
                                • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00413622
                                • RegCloseKey.KERNELBASE(?), ref: 0041362D
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID:
                                • API String ID: 3677997916-0
                                • Opcode ID: 859e64f62c27df18338a46db6ec3b0787647947da56704c1ae6da14bd80b9033
                                • Instruction ID: 0661f39b514c0023b6096d8878825bbc81d19e8e8981dfb5b132c5fecbfe39b6
                                • Opcode Fuzzy Hash: 859e64f62c27df18338a46db6ec3b0787647947da56704c1ae6da14bd80b9033
                                • Instruction Fuzzy Hash: 4A01D676900228FBCB209B91DC08DEF7F7DDB44B51F004066BB05A2240DA748E45DBA4
                                Function 00413584 Relevance: 4.5, APIs: 3, Instructions: 37registryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 677 413584-4135ac RegOpenKeyExA 678 4135db 677->678 679 4135ae-4135d9 RegQueryValueExA RegCloseKey 677->679 680 4135dd-4135e0 678->680 679->680
                                APIs
                                • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,00000000,00000000), ref: 004135A4
                                • RegQueryValueExA.ADVAPI32(00000000,?,00000000,?,?,?), ref: 004135C2
                                • RegCloseKey.ADVAPI32(00000000), ref: 004135CD
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseOpenQueryValue
                                • String ID:
                                • API String ID: 3677997916-0
                                • Opcode ID: 1fd388fcba5a36fc4cfbdc9a361dcb97530194601f604bbc1403cef4751c10f9
                                • Instruction ID: 3ea041f737baa467864e73cd7e114674dd940ed34319bd14b5ec79364d8ab256
                                • Opcode Fuzzy Hash: 1fd388fcba5a36fc4cfbdc9a361dcb97530194601f604bbc1403cef4751c10f9
                                • Instruction Fuzzy Hash: 39F01D76900218FFDF109FA09C45FEE7BBDEB04B11F1044A5BA04E6191D6359F549B94
                                Function 0040165E Relevance: 3.0, APIs: 2, Instructions: 32COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 709 40165e-401664 710 401666-401668 709->710 711 401669-401674 709->711 712 401676 711->712 713 40167b-401685 711->713 712->713 714 401687-40168d 713->714 715 4016a8-4016a9 call 43455e 713->715 714->715 716 40168f-401694 714->716 719 4016ae-4016af 715->719 716->712 718 401696-4016a6 call 43455e 716->718 721 4016b1-4016b3 718->721 719->721
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ebd29a8193938baf2c5ce5f6ec3a3ea5040e3c3e83895a942c6279db0e0dd98
                                • Instruction ID: 1e9d0a06bdb6e9f7b23a96960dfc4b712b0be9606a3b942e14a6d4fe6a34620f
                                • Opcode Fuzzy Hash: 9ebd29a8193938baf2c5ce5f6ec3a3ea5040e3c3e83895a942c6279db0e0dd98
                                • Instruction Fuzzy Hash: EBF0E2706042016BCB0C8B34CD50B2A37954B84325F248F7FF02BD61E0C73EC8918A0D
                                Function 004461B8 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 723 4461b8-4461c4 724 4461f6-446201 call 44062d 723->724 725 4461c6-4461c8 723->725 732 446203-446205 724->732 727 4461e1-4461f2 RtlAllocateHeap 725->727 728 4461ca-4461cb 725->728 729 4461f4 727->729 730 4461cd-4461d4 call 4455c6 727->730 728->727 729->732 730->724 735 4461d6-4461df call 443001 730->735 735->724 735->727
                                APIs
                                • RtlAllocateHeap.NTDLL(00000000,00435349,?,?,004388C7,?,?,00000000,00476B60,?,0040DE9D,00435349,?,?,?,?), ref: 004461EA
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocateHeap
                                • String ID:
                                • API String ID: 1279760036-0
                                • Opcode ID: 9dc7fa543976cc1aa64452a14dec52ea5ded8d4e1ebcbf177ce858167d1c4c1d
                                • Instruction ID: 139fbca062bb8bf671a891d82c3cf8fc988f9ce198a1a8b78c24da0334343556
                                • Opcode Fuzzy Hash: 9dc7fa543976cc1aa64452a14dec52ea5ded8d4e1ebcbf177ce858167d1c4c1d
                                • Instruction Fuzzy Hash: CEE0E531A0021267F6312A269C01B5B76599B437A0F170137AD15922D2CE6CCD0181EF

                                Non-executed Functions

                                Function 0040569A Relevance: 47.5, APIs: 15, Strings: 12, Instructions: 278pipesleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • __Init_thread_footer.LIBCMT ref: 004056E6
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                • __Init_thread_footer.LIBCMT ref: 00405723
                                • CreatePipe.KERNEL32(00476CDC,00476CC4,00476BE8,00000000,004660CC,00000000), ref: 004057B6
                                • CreatePipe.KERNEL32(00476CC8,00476CE4,00476BE8,00000000), ref: 004057CC
                                • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00476BF8,00476CCC), ref: 0040583F
                                • Sleep.KERNEL32(0000012C,00000093,?), ref: 00405897
                                • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 004058BC
                                • ReadFile.KERNEL32(00000000,?,?,00000000), ref: 004058E9
                                  • Part of subcall function 00434801: __onexit.LIBCMT ref: 00434807
                                • WriteFile.KERNEL32(00000000,00000000,?,00000000,00474FA0,004660D0,00000062,004660B4), ref: 004059E4
                                • Sleep.KERNEL32(00000064,00000062,004660B4), ref: 004059FE
                                • TerminateProcess.KERNEL32(00000000), ref: 00405A17
                                • CloseHandle.KERNEL32 ref: 00405A23
                                • CloseHandle.KERNEL32 ref: 00405A2B
                                • CloseHandle.KERNEL32 ref: 00405A3D
                                • CloseHandle.KERNEL32 ref: 00405A45
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseHandle$CreatePipe$FileInit_thread_footerProcessSleep$NamedPeekReadTerminateWrite__onexitsend
                                • String ID: @lG$@lG$@lG$@lG$@lG$SystemDrive$cmd.exe$kG$lG$lG$lG$lG
                                • API String ID: 2994406822-3565532687
                                • Opcode ID: 6cca1b1255fd5155d0d411a20d9a5d10f5ae3372ac694c78da602dbc990cd28b
                                • Instruction ID: efba9956b6c01968ba48be3e84054341744464a70a9fb060b5e58b4ef4e39929
                                • Opcode Fuzzy Hash: 6cca1b1255fd5155d0d411a20d9a5d10f5ae3372ac694c78da602dbc990cd28b
                                • Instruction Fuzzy Hash: ED91B271600604AFD711FB35AD41A6B3AAAEB84344F01443FF549A72E2DB7D9C488F6D
                                Function 00407CD2 Relevance: 42.8, APIs: 10, Strings: 14, Instructions: 835filesleepCOMMON
                                Download Yara Rule
                                APIs
                                • SetEvent.KERNEL32(?,?), ref: 00407CF4
                                • GetFileAttributesW.KERNEL32(00000000,00000000,?), ref: 00407DC2
                                • DeleteFileW.KERNEL32(00000000), ref: 00407DE4
                                  • Part of subcall function 0041C322: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,00474EF0,?), ref: 0041C37D
                                  • Part of subcall function 0041C322: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,00474EF0,?), ref: 0041C3AD
                                  • Part of subcall function 0041C322: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,00474EF0,?), ref: 0041C402
                                  • Part of subcall function 0041C322: FindClose.KERNEL32(00000000,?,?,?,?,?,00474EF0,?), ref: 0041C463
                                  • Part of subcall function 0041C322: RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,00474EF0,?), ref: 0041C46A
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                  • Part of subcall function 00404AA1: WaitForSingleObject.KERNEL32(?,00000000,00401A45,?,?,00000004,?,?,00000004,00476B60,00474EF0,00000000), ref: 00404B47
                                  • Part of subcall function 00404AA1: SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,00476B60,00474EF0,00000000,?,?,?,?,?,00401A45), ref: 00404B75
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004081D2
                                • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 004082B3
                                • SetFileAttributesW.KERNEL32(00000000,?,00000000,00000001), ref: 004084FF
                                • DeleteFileA.KERNEL32(?), ref: 0040868D
                                  • Part of subcall function 00408847: __EH_prolog.LIBCMT ref: 0040884C
                                  • Part of subcall function 00408847: FindFirstFileW.KERNEL32(00000000,?,00466618,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408905
                                  • Part of subcall function 00408847: __CxxThrowException@8.LIBVCRUNTIME ref: 0040892D
                                  • Part of subcall function 00408847: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040893A
                                • Sleep.KERNEL32(000007D0), ref: 00408733
                                • StrToIntA.SHLWAPI(00000000,00000000), ref: 00408775
                                  • Part of subcall function 0041CA73: SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041CB68
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Find$AttributesDeleteDirectoryEventFirstNextRemove$CloseDriveException@8ExecuteH_prologInfoLocalLogicalObjectParametersShellSingleSleepStringsSystemThrowTimeWaitsend
                                • String ID: 8PG$Browsing directory: $Deleted file: $Downloaded file: $Downloading file: $Executing file: $Failed to download file: $Unable to delete: $Unable to rename file!$hPG$hPG$hPG$hPG$open
                                • API String ID: 1067849700-718893278
                                • Opcode ID: fe96de86ee4d4cd788633588fbe72865e40e830fc14cd86afd1aef33dfe9ee04
                                • Instruction ID: d596b55e62c6dc406d7f5c06aadeacefb76b4acf2f669351df47ebe9cc805958
                                • Opcode Fuzzy Hash: fe96de86ee4d4cd788633588fbe72865e40e830fc14cd86afd1aef33dfe9ee04
                                • Instruction Fuzzy Hash: 9F4282716043016BC604FB76C9579AE77A9AF91348F80483FF582671E2EE7C9908C79B
                                Function 00412132 Relevance: 33.5, APIs: 7, Strings: 12, Instructions: 238threadCOMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentProcessId.KERNEL32 ref: 00412141
                                  • Part of subcall function 004138B2: RegCreateKeyA.ADVAPI32(80000001,00000000,004660B4), ref: 004138C0
                                  • Part of subcall function 004138B2: RegSetValueExA.ADVAPI32(004660B4,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040C18D,00466C58,00000001,000000AF,004660B4), ref: 004138DB
                                  • Part of subcall function 004138B2: RegCloseKey.ADVAPI32(004660B4,?,?,?,0040C18D,00466C58,00000001,000000AF,004660B4), ref: 004138E6
                                • OpenMutexA.KERNEL32(00100000,00000000,00000000), ref: 00412181
                                • CloseHandle.KERNEL32(00000000), ref: 00412190
                                • CreateThread.KERNEL32(00000000,00000000,00412829,00000000,00000000,00000000), ref: 004121E6
                                • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00412455
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseCreateOpenProcess$CurrentHandleMutexThreadValue
                                • String ID: (TG$Remcos restarted by watchdog!$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$\SysWOW64\$\system32\$fsutil.exe$rmclient.exe$svchost.exe$RG
                                • API String ID: 3018269243-1913798818
                                • Opcode ID: 494e02afd915312d621a6cd56bbb50f1ca2f82910519e8adf4cbfd99556fab1a
                                • Instruction ID: 26abbb7e12f392f9fbc718c06b30ae47eaa1113e002934215aad22704783e961
                                • Opcode Fuzzy Hash: 494e02afd915312d621a6cd56bbb50f1ca2f82910519e8adf4cbfd99556fab1a
                                • Instruction Fuzzy Hash: 3C71A23160420167C604FB72CD579AE77A4AE94308F40097FF586A61E2FFBC9945C69E
                                Function 0040BB6B Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 146fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040BBEA
                                • FindClose.KERNEL32(00000000), ref: 0040BC04
                                • FindNextFileA.KERNEL32(00000000,?), ref: 0040BD27
                                • FindClose.KERNEL32(00000000), ref: 0040BD4D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$CloseFile$FirstNext
                                • String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
                                • API String ID: 1164774033-3681987949
                                • Opcode ID: b41a8e288d6c781c84b11b836a0024b7a118f79960b3641b573c725179fdc384
                                • Instruction ID: 8b0b2ff803da1d4b435a108118727fe7c74031c8ac088da8990f7d135a86af9b
                                • Opcode Fuzzy Hash: b41a8e288d6c781c84b11b836a0024b7a118f79960b3641b573c725179fdc384
                                • Instruction Fuzzy Hash: C7514F3190021A9ADB14FBB2DC56AEEB739AF10304F50057FF506721E2FF785A49CA99
                                Function 004168FC Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 80clipboardmemoryCOMMON
                                Download Yara Rule
                                APIs
                                • OpenClipboard.USER32 ref: 004168FD
                                • EmptyClipboard.USER32 ref: 0041690B
                                • GlobalAlloc.KERNEL32(00002000,-00000002), ref: 0041692B
                                • GlobalLock.KERNEL32(00000000), ref: 00416934
                                • GlobalUnlock.KERNEL32(00000000), ref: 0041696A
                                • SetClipboardData.USER32(0000000D,00000000), ref: 00416973
                                • CloseClipboard.USER32 ref: 00416990
                                • OpenClipboard.USER32 ref: 00416997
                                • GetClipboardData.USER32(0000000D), ref: 004169A7
                                • GlobalLock.KERNEL32(00000000), ref: 004169B0
                                • GlobalUnlock.KERNEL32(00000000), ref: 004169B9
                                • CloseClipboard.USER32 ref: 004169BF
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptysend
                                • String ID: !D@
                                • API String ID: 3520204547-604454484
                                • Opcode ID: f98e19e59eea15a91d3b71fa0c0f5b928df445f0179be6eeee7715d264c86d8b
                                • Instruction ID: 40a69bedac3bd734cdfdd6227e623399476ab8ebe6f0a7c245c4ec6d1d06efb6
                                • Opcode Fuzzy Hash: f98e19e59eea15a91d3b71fa0c0f5b928df445f0179be6eeee7715d264c86d8b
                                • Instruction Fuzzy Hash: 16215171204301EBD714BB71DC5DAAE7AA9AF88746F00043EF946961E2EF3C8C45866A
                                Function 0040BD72 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 131fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040BDEA
                                • FindClose.KERNEL32(00000000), ref: 0040BE04
                                • FindNextFileA.KERNEL32(00000000,?), ref: 0040BEC4
                                • FindClose.KERNEL32(00000000), ref: 0040BEEA
                                • FindClose.KERNEL32(00000000), ref: 0040BF0B
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$Close$File$FirstNext
                                • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                • API String ID: 3527384056-432212279
                                • Opcode ID: 957e4b9f77f0127c971f2cbaa54e22c6f4c97dcdb1298e2b7e9e5f591e6deb8c
                                • Instruction ID: 490896facf616f27299b965c2ba25c256be2621490ca3b25f990f1d956524bcc
                                • Opcode Fuzzy Hash: 957e4b9f77f0127c971f2cbaa54e22c6f4c97dcdb1298e2b7e9e5f591e6deb8c
                                • Instruction Fuzzy Hash: E0417F3190021AAACB04F7B2DC5A9EE7769AF11704F50057FF506B21E2EF385A458A9D
                                Function 0040F4AF Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 210processCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,004750F4,?,00475348), ref: 0040F4C9
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00475348), ref: 0040F4F4
                                • Process32FirstW.KERNEL32(00000000,0000022C), ref: 0040F510
                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040F58F
                                • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00475348), ref: 0040F59E
                                  • Part of subcall function 0041C26E: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C286
                                  • Part of subcall function 0041C26E: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C299
                                • CloseHandle.KERNEL32(00000000,?,00475348), ref: 0040F6A9
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseHandleOpenProcessProcess32$CreateFileFirstModuleNameNextSnapshotToolhelp32
                                • String ID: C:\Program Files(x86)\Internet Explorer\$Inj$ieinstal.exe$ielowutil.exe$RG
                                • API String ID: 3756808967-4270599879
                                • Opcode ID: 3acc3f55b6397cee36b7d5ef666cd78527c930f9b8fa3a8dd2be36fd150b4bf2
                                • Instruction ID: f7ffc7f0dfbd756cb6275d6ec2ba0be94116b78c8c9f611e281f0170cc986b4a
                                • Opcode Fuzzy Hash: 3acc3f55b6397cee36b7d5ef666cd78527c930f9b8fa3a8dd2be36fd150b4bf2
                                • Instruction Fuzzy Hash: 4C7130705083419AC724FB21D8559AEB7E4AF90348F40483FF586631E3EF79994DCB9A
                                Function 00419662 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 206COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 0$1$2$3$4$5$6$7
                                • API String ID: 0-3177665633
                                • Opcode ID: 8290dbae049be2cdd206d8bf1c1fda6425e159576a2ff2ba4f12e613f6a6ac2b
                                • Instruction ID: 3c74f5afe55031bef20d6cb4aa2bc38f0c43463ce83be6e36937eb537edf8bdf
                                • Opcode Fuzzy Hash: 8290dbae049be2cdd206d8bf1c1fda6425e159576a2ff2ba4f12e613f6a6ac2b
                                • Instruction Fuzzy Hash: CB71E2709183019FD704EF21D862BAB7B94DF85710F00492FF5A26B2D1DE78AB49CB96
                                Function 0040A41B Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 112keyboardthreadCOMMON
                                Download Yara Rule
                                APIs
                                • GetForegroundWindow.USER32 ref: 0040A451
                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 0040A45D
                                • GetKeyboardLayout.USER32(00000000), ref: 0040A464
                                • GetKeyState.USER32(00000010), ref: 0040A46E
                                • GetKeyboardState.USER32(?), ref: 0040A479
                                • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 0040A49C
                                • ToUnicodeEx.USER32(?,?,00000010,00000000,00000000), ref: 0040A4FC
                                • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 0040A535
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unicode$KeyboardStateWindow$ForegroundLayoutProcessThread
                                • String ID: (kG
                                • API String ID: 1888522110-2813241365
                                • Opcode ID: 31ed79bda99ad10420f5864c73503205d5e880a6a674e4152aa1d5376154a4ca
                                • Instruction ID: 3b9a32d10988b9101c987d3e8fcb44953e801c6634267c48ca941b3c69dca571
                                • Opcode Fuzzy Hash: 31ed79bda99ad10420f5864c73503205d5e880a6a674e4152aa1d5376154a4ca
                                • Instruction Fuzzy Hash: F8316D72504308BFD700DFA0DC45F9B7BECAB88754F00083AB645D61A0D7B5E948CBA6
                                Function 00407538 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 56COMMON
                                Download Yara Rule
                                APIs
                                • _wcslen.LIBCMT ref: 0040755C
                                • CoGetObject.OLE32(?,00000024,00466528,00000000), ref: 004075BD
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Object_wcslen
                                • String ID: $$Elevation:Administrator!new:$[+] CoGetObject$[+] CoGetObject SUCCESS$[+] ucmAllocateElevatedObject$[-] CoGetObject FAILURE${3E5FC7F9-9A51-4367-9063-A120244FBEC7}
                                • API String ID: 240030777-3166923314
                                • Opcode ID: ee0c587a1dfa56a4776c25ed63fc93c62e7d4b1650b4331978f6b80fa64f11fb
                                • Instruction ID: 28daeeabb8f9d0779e909056d36d27ae9c6096be3406941992b1a3e854751cf1
                                • Opcode Fuzzy Hash: ee0c587a1dfa56a4776c25ed63fc93c62e7d4b1650b4331978f6b80fa64f11fb
                                • Instruction Fuzzy Hash: 88113771D04214B6D710EA959845BDEB77C9B08714F15006FF904B2281EB7CAE448A6F
                                Function 0041A7D9 Relevance: 15.2, APIs: 10, Instructions: 228serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,004758F8), ref: 0041A7EF
                                • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,?,00000000,?,?,?), ref: 0041A83E
                                • GetLastError.KERNEL32 ref: 0041A84C
                                • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,00000000,?,?,?,?), ref: 0041A884
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: EnumServicesStatus$ErrorLastManagerOpen
                                • String ID:
                                • API String ID: 3587775597-0
                                • Opcode ID: 52703ba9691f9b4d3d251ef54cf45ecf5d42af2de60a6ecad213e5d7b6109cf7
                                • Instruction ID: 52116c85fb856a5ac6c14b0259405ec20ae2fa8d9cc538ef9907a440d1633313
                                • Opcode Fuzzy Hash: 52703ba9691f9b4d3d251ef54cf45ecf5d42af2de60a6ecad213e5d7b6109cf7
                                • Instruction Fuzzy Hash: 17817071104301ABC304EF61D885DAFB7A8FF94749F50082EF185521A2EF78EE49CB9A
                                Function 00452690 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 188COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482F4
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 00448301
                                • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0045279C
                                • IsValidCodePage.KERNEL32(00000000), ref: 004527F7
                                • IsValidLocale.KERNEL32(?,00000001), ref: 00452806
                                • GetLocaleInfoW.KERNEL32(?,00001001,JD,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 0045284E
                                • GetLocaleInfoW.KERNEL32(?,00001002,00000000,00000040), ref: 0045286D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                • String ID: JD$JD$JD
                                • API String ID: 745075371-3517165026
                                • Opcode ID: d20e60e436924f937cd003670a139ed53a354482d02232a94d44678fcfb69b99
                                • Instruction ID: 3c84011e7dbdf7a6f9673bc5a23f9f2f22d5020eb6794df094384b3d0215d6fb
                                • Opcode Fuzzy Hash: d20e60e436924f937cd003670a139ed53a354482d02232a94d44678fcfb69b99
                                • Instruction Fuzzy Hash: 9B518571900205ABDB10DFA5CD45ABF77B8EF0A702F04046BED14E7292E7B89948CB69
                                Function 0041A045 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 176sleeptimeCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog.LIBCMT ref: 0041A04A
                                • GdiplusStartup.GDIPLUS(00474AE0,?,00000000), ref: 0041A07C
                                • CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0000001A,00000019), ref: 0041A108
                                • Sleep.KERNEL32(000003E8), ref: 0041A18E
                                • GetLocalTime.KERNEL32(?), ref: 0041A196
                                • Sleep.KERNEL32(00000000,00000018,00000000), ref: 0041A285
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Sleep$CreateDirectoryGdiplusH_prologLocalStartupTime
                                • String ID: time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i
                                • API String ID: 489098229-3790400642
                                • Opcode ID: 8aea3dbe3624b4601201b0c9305804d9af738c6d309839d4ab240c50abe53ab1
                                • Instruction ID: ac563f1b8c988fbcbdb25ffa0f060f034023d1de15a29d9718e9897573209577
                                • Opcode Fuzzy Hash: 8aea3dbe3624b4601201b0c9305804d9af738c6d309839d4ab240c50abe53ab1
                                • Instruction Fuzzy Hash: 3F518E70A00215AACB14BBB5C8529FD77A9AF54308F40403FF509AB1E2EF7C4D85C799
                                Function 0040C388 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 112fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileW.KERNEL32(00000000,?,\Mozilla\Firefox\Profiles\,00000000), ref: 0040C3D6
                                • FindNextFileW.KERNEL32(00000000,?), ref: 0040C4A9
                                • FindClose.KERNEL32(00000000), ref: 0040C4B8
                                • FindClose.KERNEL32(00000000), ref: 0040C4E3
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$CloseFile$FirstNext
                                • String ID: AppData$\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                • API String ID: 1164774033-405221262
                                • Opcode ID: 16699f253eb694e645df394590cd07ecc1e2a8d21e3ab42a134cc6613b8af75d
                                • Instruction ID: 33618048715e6b2d4a7b39963b1e19558724686ef99070a322097c87c0ca4c0c
                                • Opcode Fuzzy Hash: 16699f253eb694e645df394590cd07ecc1e2a8d21e3ab42a134cc6613b8af75d
                                • Instruction Fuzzy Hash: 59313E31500219AACB14E761DC9A9EE7778AF50719F10057FF106B21E2EF7C9946CA4D
                                Function 0041C322 Relevance: 13.6, APIs: 9, Instructions: 106fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,00474EF0,?), ref: 0041C37D
                                • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,00474EF0,?), ref: 0041C3AD
                                • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,00474EF0,?), ref: 0041C41F
                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,00474EF0,?), ref: 0041C42C
                                  • Part of subcall function 0041C322: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,00474EF0,?), ref: 0041C402
                                • GetLastError.KERNEL32(?,?,?,?,?,00474EF0,?), ref: 0041C44D
                                • FindClose.KERNEL32(00000000,?,?,?,?,?,00474EF0,?), ref: 0041C463
                                • RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,00474EF0,?), ref: 0041C46A
                                • FindClose.KERNEL32(00000000,?,?,?,?,?,00474EF0,?), ref: 0041C473
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
                                • String ID:
                                • API String ID: 2341273852-0
                                • Opcode ID: 62a2abd498f26ce669d7ffff052401bb4e8331d26592ec8f44b35c1b9ec2a307
                                • Instruction ID: 53b23dfad01ba0d5beec27b7c27070a1caf437d6ccbc5233b8522822963bc02e
                                • Opcode Fuzzy Hash: 62a2abd498f26ce669d7ffff052401bb4e8331d26592ec8f44b35c1b9ec2a307
                                • Instruction Fuzzy Hash: 4A31807284431CAADB24E761DC89EEB736CAF09305F0405FBF559D2051EB3DDAC98A58
                                Function 0040A2F3 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63windowCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 0040A30E
                                • SetWindowsHookExA.USER32(0000000D,0040A2DF,00000000), ref: 0040A31C
                                • GetLastError.KERNEL32 ref: 0040A328
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0040A376
                                • TranslateMessage.USER32(?), ref: 0040A385
                                • DispatchMessageA.USER32(?), ref: 0040A390
                                Strings
                                • Keylogger initialization failure: error , xrefs: 0040A33C
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$DispatchErrorHandleHookLastLocalModuleTimeTranslateWindows
                                • String ID: Keylogger initialization failure: error
                                • API String ID: 3219506041-952744263
                                • Opcode ID: f6438d0ece582153da91c0d5bff560373b785e456ae076c588142eaef4cdec3b
                                • Instruction ID: bc7b44719e59224dfa2ccda8cade24f8ec1ba8a069f7aee67aec650331f950b6
                                • Opcode Fuzzy Hash: f6438d0ece582153da91c0d5bff560373b785e456ae076c588142eaef4cdec3b
                                • Instruction Fuzzy Hash: 8911C131510301EBC710BB769C0986B77ACEB95715B20097EFC82E22D1FB34C910CBAA
                                Function 00414005 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 382registrylibraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 004140D8
                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 004140E4
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                • LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 004142A5
                                • GetProcAddress.KERNEL32(00000000), ref: 004142AC
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressCloseCreateLibraryLoadProcsend
                                • String ID: SHDeleteKeyW$Shlwapi.dll
                                • API String ID: 2127411465-314212984
                                • Opcode ID: d60aa463507e2fd8c096106fd3dc492c6bf48f037ae113293acea6d61ff72dd4
                                • Instruction ID: cc57822c2a7f940fffebe33daf0632284ddc1748a3b8d5e961f42c670a34d5b4
                                • Opcode Fuzzy Hash: d60aa463507e2fd8c096106fd3dc492c6bf48f037ae113293acea6d61ff72dd4
                                • Instruction Fuzzy Hash: D1B1F671A0430066CA14BB76DC579AF36A89F91748F40053FB906671E2EE7D8A48C6DA
                                Function 00449210 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 00449292
                                • _free.LIBCMT ref: 004492B6
                                • _free.LIBCMT ref: 0044943D
                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045F244), ref: 0044944F
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00472764,000000FF,00000000,0000003F,00000000,?,?), ref: 004494C7
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,004727B8,000000FF,?,0000003F,00000000,?), ref: 004494F4
                                • _free.LIBCMT ref: 00449609
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                • String ID:
                                • API String ID: 314583886-0
                                • Opcode ID: 99b9f95825b3d3947f98974b62c5657870841952fc290d3d865075dfb712b2e8
                                • Instruction ID: 020e1479f4dc59d8c1013f8997fe2690be381d41ecad25fd3e4808fcef6bdafa
                                • Opcode Fuzzy Hash: 99b9f95825b3d3947f98974b62c5657870841952fc290d3d865075dfb712b2e8
                                • Instruction Fuzzy Hash: E0C13A71900205ABFB24DF79CD41AAF7BA8EF46314F2405AFE884D7291E7788D42D758
                                Function 004167EF Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 97libraryloadershutdownCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041798D: GetCurrentProcess.KERNEL32(00000028,?), ref: 0041799A
                                  • Part of subcall function 0041798D: OpenProcessToken.ADVAPI32(00000000), ref: 004179A1
                                  • Part of subcall function 0041798D: LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004179B3
                                  • Part of subcall function 0041798D: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004179D2
                                  • Part of subcall function 0041798D: GetLastError.KERNEL32 ref: 004179D8
                                • ExitWindowsEx.USER32(00000000,00000001), ref: 00416891
                                • LoadLibraryA.KERNEL32(PowrProf.dll,SetSuspendState,00000000,00000000,00000000), ref: 004168A6
                                • GetProcAddress.KERNEL32(00000000), ref: 004168AD
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ProcessToken$AddressAdjustCurrentErrorExitLastLibraryLoadLookupOpenPrivilegePrivilegesProcValueWindows
                                • String ID: !D@$PowrProf.dll$SetSuspendState
                                • API String ID: 1589313981-2876530381
                                • Opcode ID: ee499d4d47afde6cc3500bc760edfd9f3d73b5503f1d67301f657f5df503f6e6
                                • Instruction ID: 272f3f60014ab8f8f2fa2781f50e1ac7d9ab3f628c5d0f86ef79d7992e461550
                                • Opcode Fuzzy Hash: ee499d4d47afde6cc3500bc760edfd9f3d73b5503f1d67301f657f5df503f6e6
                                • Instruction Fuzzy Hash: D821B17060430166CA14FBB28856ABF36599F41388F41087FB501671D2EF3DD845C76E
                                Function 0040F7E2 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 88sleepCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00413584: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,00000000,00000000), ref: 004135A4
                                  • Part of subcall function 00413584: RegQueryValueExA.ADVAPI32(00000000,?,00000000,?,?,?), ref: 004135C2
                                  • Part of subcall function 00413584: RegCloseKey.ADVAPI32(00000000), ref: 004135CD
                                • Sleep.KERNEL32(00000BB8), ref: 0040F896
                                • ExitProcess.KERNEL32 ref: 0040F905
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseExitOpenProcessQuerySleepValue
                                • String ID: 5.2.0 Pro$override$pth_unenc$RG
                                • API String ID: 2281282204-1448307011
                                • Opcode ID: 79ecbb4f6ab754b25350e38b39f875c08ef85ee2b1de4a6ef4de9a804ca5cbfe
                                • Instruction ID: 0454f1d730b8de97e77b6af0221289a353f5645d6d0bcfbcd4472c6607f37e61
                                • Opcode Fuzzy Hash: 79ecbb4f6ab754b25350e38b39f875c08ef85ee2b1de4a6ef4de9a804ca5cbfe
                                • Instruction Fuzzy Hash: 7421E171B0420127D6087676885B6AE399A9B80708F50453FF409672D6FF7C8E0483AF
                                Function 0041B411 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69networkfileCOMMON
                                Download Yara Rule
                                APIs
                                • InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0041B438
                                • InternetOpenUrlW.WININET(00000000,http://geoplugin.net/json.gp,00000000,00000000,80000000,00000000), ref: 0041B44E
                                • InternetReadFile.WININET(00000000,00000000,0000FFFF,00000000), ref: 0041B467
                                • InternetCloseHandle.WININET(00000000), ref: 0041B4AD
                                • InternetCloseHandle.WININET(00000000), ref: 0041B4B0
                                Strings
                                • http://geoplugin.net/json.gp, xrefs: 0041B448
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Internet$CloseHandleOpen$FileRead
                                • String ID: http://geoplugin.net/json.gp
                                • API String ID: 3121278467-91888290
                                • Opcode ID: b01590e2803785cbe291e15456c0bc7acaef33a62877e88be574051367ac5976
                                • Instruction ID: e320c318363c88f1c040182635621d8729538b68a2f0080144892bf513bd3cc2
                                • Opcode Fuzzy Hash: b01590e2803785cbe291e15456c0bc7acaef33a62877e88be574051367ac5976
                                • Instruction Fuzzy Hash: 011198311053126BD224AB269C49EBF7F9CEF86765F10043EF945A2282DB689C44C6FA
                                Function 0040BA4D Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data), ref: 0040BA89
                                • GetLastError.KERNEL32 ref: 0040BA93
                                Strings
                                • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 0040BA54
                                • UserProfile, xrefs: 0040BA59
                                • [Chrome StoredLogins not found], xrefs: 0040BAAD
                                • [Chrome StoredLogins found, cleared!], xrefs: 0040BAB9
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: DeleteErrorFileLast
                                • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                • API String ID: 2018770650-1062637481
                                • Opcode ID: d6312413c91956911aeebdf781d371ca6745e6f6be180b60b08b021ffbe32e09
                                • Instruction ID: 0532e36a1aab116e50a9f1d1704ee325f44086adb43c50cfffb7bf5285f9a594
                                • Opcode Fuzzy Hash: d6312413c91956911aeebdf781d371ca6745e6f6be180b60b08b021ffbe32e09
                                • Instruction Fuzzy Hash: 76018F61A402056ACB04B7B6DC5B9BE7724A921704B50057FF806722D2FE7D49098BDE
                                Function 0041798D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33COMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 0041799A
                                • OpenProcessToken.ADVAPI32(00000000), ref: 004179A1
                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004179B3
                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004179D2
                                • GetLastError.KERNEL32 ref: 004179D8
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                • String ID: SeShutdownPrivilege
                                • API String ID: 3534403312-3733053543
                                • Opcode ID: d49d9c43419eaec1bfbdc5cb8a800583ef6843b46de48ba71f06d4aa9fea9060
                                • Instruction ID: 35ac2027e355ce869dd6e937a138cd84cb59798e299a7bc9dfe05b1c572390d3
                                • Opcode Fuzzy Hash: d49d9c43419eaec1bfbdc5cb8a800583ef6843b46de48ba71f06d4aa9fea9060
                                • Instruction Fuzzy Hash: 38F03A71802229FBDB10ABA1EC4DAEF7FBCEF05612F100465B909A1152D7348E04CBB5
                                Function 0040928E Relevance: 9.3, APIs: 6, Instructions: 293fileCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog.LIBCMT ref: 00409293
                                  • Part of subcall function 004048C8: connect.WS2_32(?,?,?), ref: 004048E0
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040932F
                                • FindFirstFileW.KERNEL32(00000000,?,?,?,00000064), ref: 0040938D
                                • FindNextFileW.KERNEL32(00000000,?), ref: 004093E5
                                • FindClose.KERNEL32(00000000), ref: 004093FC
                                  • Part of subcall function 00404E26: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00474F08,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E38
                                  • Part of subcall function 00404E26: SetEvent.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E43
                                  • Part of subcall function 00404E26: CloseHandle.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E4C
                                • FindClose.KERNEL32(00000000), ref: 004095F4
                                  • Part of subcall function 00404AA1: WaitForSingleObject.KERNEL32(?,00000000,00401A45,?,?,00000004,?,?,00000004,00476B60,00474EF0,00000000), ref: 00404B47
                                  • Part of subcall function 00404AA1: SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,00476B60,00474EF0,00000000,?,?,?,?,?,00401A45), ref: 00404B75
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$Close$EventFileObjectSingleWait$Exception@8FirstH_prologHandleNextThrowconnectsend
                                • String ID:
                                • API String ID: 1824512719-0
                                • Opcode ID: 3e41b3b17ee7b625e39a35955fea55242fe89250a83e2d42a4dc1e136830e029
                                • Instruction ID: 7a56ba3823c44b8d3dadbfeca74e3365e00ee059376cf1b582d15bdd70b30780
                                • Opcode Fuzzy Hash: 3e41b3b17ee7b625e39a35955fea55242fe89250a83e2d42a4dc1e136830e029
                                • Instruction Fuzzy Hash: 8AB19D32900109AACB14EBA1DD92AEDB379AF44314F50417FF506B60E2EF785F49CB59
                                Function 0041AADB Relevance: 9.0, APIs: 6, Instructions: 39serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,00000001,?,0041A731,00000000), ref: 0041AAE4
                                • OpenServiceW.ADVAPI32(00000000,00000000,00000010,?,0041A731,00000000), ref: 0041AAF9
                                • CloseServiceHandle.ADVAPI32(00000000,?,0041A731,00000000), ref: 0041AB06
                                • StartServiceW.ADVAPI32(00000000,00000000,00000000,?,0041A731,00000000), ref: 0041AB11
                                • CloseServiceHandle.ADVAPI32(00000000,?,0041A731,00000000), ref: 0041AB23
                                • CloseServiceHandle.ADVAPI32(00000000,?,0041A731,00000000), ref: 0041AB26
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$CloseHandle$Open$ManagerStart
                                • String ID:
                                • API String ID: 276877138-0
                                • Opcode ID: ef3c0b856a1de7aadcfa328643844e0c859a8d8812f908c01dc675a5c8606680
                                • Instruction ID: 14dbf03deabb1432b93a26d2ddf90514dbbc411f15d31c7908333a88c2a5d316
                                • Opcode Fuzzy Hash: ef3c0b856a1de7aadcfa328643844e0c859a8d8812f908c01dc675a5c8606680
                                • Instruction Fuzzy Hash: FEF0E971141225AFD2115B209C88DFF276CDF85B66B00082AF901921919B68CC45E579
                                Function 00419B86 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 245fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileW.KERNEL32(00000000,?), ref: 00419DDC
                                • FindNextFileW.KERNEL32(00000000,?,?), ref: 00419EA8
                                  • Part of subcall function 0041C516: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C52F
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Find$CreateFirstNext
                                • String ID: HSG$`XG$`XG
                                • API String ID: 341183262-3993355375
                                • Opcode ID: f960a2685c17b2da21d256c5b4afff86d1ff18c459707e3bf4a0ba585bc801d9
                                • Instruction ID: 3e2b8d556a8fbdbb081ab446324185a4f3aab8361380fbf0113865ad31d0729a
                                • Opcode Fuzzy Hash: f960a2685c17b2da21d256c5b4afff86d1ff18c459707e3bf4a0ba585bc801d9
                                • Instruction Fuzzy Hash: 588151315083415BC314FB22C856EEFB3A9AF90344F90493FF546671E2EF789A49C69A
                                Function 004524BC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,004527DB,?,00000000), ref: 00452555
                                • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,004527DB,?,00000000), ref: 0045257E
                                • GetACP.KERNEL32(?,?,004527DB,?,00000000), ref: 00452593
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: InfoLocale
                                • String ID: ACP$OCP
                                • API String ID: 2299586839-711371036
                                • Opcode ID: 61c68c86ee519c97ea86d50e82dd2762e668b1fdc7e44e8e256cfbf4b452970f
                                • Instruction ID: 097c3b5166b2d36aca1cb621bb06e922528e2ea4561953c90108b9915aa2a338
                                • Opcode Fuzzy Hash: 61c68c86ee519c97ea86d50e82dd2762e668b1fdc7e44e8e256cfbf4b452970f
                                • Instruction Fuzzy Hash: 7E21F932600108B6D734CF14CA10A9B73A6EB16B53B564467ED09D7312F7B6DD44C398
                                Function 0041B539 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                Download Yara Rule
                                APIs
                                • FindResourceA.KERNEL32(SETTINGS,0000000A,00000000), ref: 0041B54A
                                • LoadResource.KERNEL32(00000000,?,?,0040F419,00000000), ref: 0041B55E
                                • LockResource.KERNEL32(00000000,?,?,0040F419,00000000), ref: 0041B565
                                • SizeofResource.KERNEL32(00000000,?,?,0040F419,00000000), ref: 0041B574
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Resource$FindLoadLockSizeof
                                • String ID: SETTINGS
                                • API String ID: 3473537107-594951305
                                • Opcode ID: 7e39093ddf5dcb720cd3caccf1e1277dc2c4d9143844da5a4d70bf483eb1c798
                                • Instruction ID: e87eb13c1a863bb520e8110b03cd0e44f0123e9e346c2db4eb51eb31bea7c0b5
                                • Opcode Fuzzy Hash: 7e39093ddf5dcb720cd3caccf1e1277dc2c4d9143844da5a4d70bf483eb1c798
                                • Instruction Fuzzy Hash: 23E01276600B21EBDB211FB1AC8CD467F25E7C9B533140075FA0582271CB758840DA58
                                Function 004096A0 Relevance: 7.7, APIs: 5, Instructions: 222fileCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog.LIBCMT ref: 004096A5
                                • FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 0040971D
                                • FindNextFileW.KERNEL32(00000000,?), ref: 00409746
                                • FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 0040975D
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$File$CloseFirstH_prologNext
                                • String ID:
                                • API String ID: 1157919129-0
                                • Opcode ID: f7b9eefe839b2bcd70172dbc221549f90cff3adc7a7dcd26f8bce347a4c33931
                                • Instruction ID: 095255599cc0af9be2c5710cd9f248f54336688560ad7ccdcde9a73cf5c292f5
                                • Opcode Fuzzy Hash: f7b9eefe839b2bcd70172dbc221549f90cff3adc7a7dcd26f8bce347a4c33931
                                • Instruction Fuzzy Hash: CB813C729001099BCB15EBA2DC969EDB378AF14318F10417FE506B71E2EF789E49CB58
                                Function 00408847 Relevance: 7.7, APIs: 5, Instructions: 186fileCOMMON
                                Download Yara Rule
                                APIs
                                • __EH_prolog.LIBCMT ref: 0040884C
                                • FindFirstFileW.KERNEL32(00000000,?,00466618,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408905
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040892D
                                • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040893A
                                • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408A50
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Find$File$CloseException@8FirstH_prologNextThrow
                                • String ID:
                                • API String ID: 1771804793-0
                                • Opcode ID: 23ee2504e33aeb78e6127e011e9d38d7d1f6fb91a84998afc16ba1de22ba214d
                                • Instruction ID: 967e03bdddb214c30410211942a515ee3c29859e80101891d5c5db132fd2cd64
                                • Opcode Fuzzy Hash: 23ee2504e33aeb78e6127e011e9d38d7d1f6fb91a84998afc16ba1de22ba214d
                                • Instruction Fuzzy Hash: 94517F72900209AACB04FB65DD569ED7778AF10308F50417FB906B71E2EF389B49CB99
                                Function 00446270 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 464COMMONLIBRARYCODE
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: FSE$FSE
                                • API String ID: 0-1826177230
                                • Opcode ID: 321144b451aceacc10be44255a5eb5313de52b8189587c3c0fdae4375c3dd106
                                • Instruction ID: f88ef0336175cd1615890b4a552d96ffb4623b3c947145a2eaf1ae153763923c
                                • Opcode Fuzzy Hash: 321144b451aceacc10be44255a5eb5313de52b8189587c3c0fdae4375c3dd106
                                • Instruction Fuzzy Hash: AA025D71E002199BEF14CFA9D8806AEFBF1FF49314F26816AD819E7384D734AD418B85
                                Function 00406EEB Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222filenetworkCOMMON
                                Download Yara Rule
                                APIs
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00406FF7
                                • URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 004070DB
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: DownloadExecuteFileShell
                                • String ID: C:\Users\user\Desktop\NEW ORDER- 4788467.exe$open
                                • API String ID: 2825088817-3783348576
                                • Opcode ID: e5fd96e75bd7356de3ffdb83187527b987809414ddaed4b489cd321a3dea8b2a
                                • Instruction ID: e12f74d6213dd3660153607da8c9b98f7978e2d251169c1aa1e307be856b925d
                                • Opcode Fuzzy Hash: e5fd96e75bd7356de3ffdb83187527b987809414ddaed4b489cd321a3dea8b2a
                                • Instruction Fuzzy Hash: 1461C471A0830166CA14FB76C8569BE37A59F81758F40093FF9427B2D2EE3C9905C79B
                                Function 00407877 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86fileCOMMON
                                Download Yara Rule
                                APIs
                                • FindFirstFileW.KERNEL32(00000000,?,?,?,00000000), ref: 00407892
                                • FindNextFileW.KERNEL32(00000000,?,?,?,00000000), ref: 0040795A
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileFind$FirstNextsend
                                • String ID: hPG$hPG
                                • API String ID: 4113138495-4177492676
                                • Opcode ID: 79d3a8a708a64aea57361e3084ac94982208e9b0b63170387c171430dbef8cca
                                • Instruction ID: abfa5a3658aec55442980c0effbd4670719d50d4d7308f226e3cac976b3f196c
                                • Opcode Fuzzy Hash: 79d3a8a708a64aea57361e3084ac94982208e9b0b63170387c171430dbef8cca
                                • Instruction Fuzzy Hash: CB2195315082019BC314FB61D895CEFB3ACAF90358F40493EF696620E1FF78AA09C65B
                                Function 0041CA73 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 83COMMON
                                Download Yara Rule
                                APIs
                                • SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041CB68
                                  • Part of subcall function 004137AA: RegCreateKeyA.ADVAPI32(80000001,Control Panel\Desktop,0046612C), ref: 004137B9
                                  • Part of subcall function 004137AA: RegSetValueExA.ADVAPI32(0046612C,?,00000000,?,00000000,00000000,Control Panel\Desktop,?,?,0041CB42,WallpaperStyle,0046612C,00000001,00474EF0,00000000), ref: 004137E1
                                  • Part of subcall function 004137AA: RegCloseKey.ADVAPI32(0046612C,?,?,0041CB42,WallpaperStyle,0046612C,00000001,00474EF0,00000000,?,00408798,00000001), ref: 004137EC
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseCreateInfoParametersSystemValue
                                • String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
                                • API String ID: 4127273184-3576401099
                                • Opcode ID: f5c8ef2c27851cf1013244d94d6a0450d36d3a4faca39a9ae70033779c708183
                                • Instruction ID: 8ac436d711b2fc3476497f69dc57c3b9a547a247a31514f467319d0910454585
                                • Opcode Fuzzy Hash: f5c8ef2c27851cf1013244d94d6a0450d36d3a4faca39a9ae70033779c708183
                                • Instruction Fuzzy Hash: D7118472BC425022E81831396D9BFBE28068343F61F54456BF6022A6CAE4CF6A9143CF
                                Function 00451D58 Relevance: 6.2, APIs: 4, Instructions: 236COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00444AF4,?,?,?,?,?,?,00000004), ref: 00451E3A
                                • _wcschr.LIBVCRUNTIME ref: 00451ECA
                                • _wcschr.LIBVCRUNTIME ref: 00451ED8
                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00444AF4,00000000,00444C14), ref: 00451F7B
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                • String ID:
                                • API String ID: 4212172061-0
                                • Opcode ID: 542ab58a55aa9f08c463a9389d0e41dfe4354c1e35855495671bf6e32f2bde7c
                                • Instruction ID: 2c98265d6c7a89d72caae9d33925a6d6107158c78f730362dcab12f0c71d6669
                                • Opcode Fuzzy Hash: 542ab58a55aa9f08c463a9389d0e41dfe4354c1e35855495671bf6e32f2bde7c
                                • Instruction Fuzzy Hash: 7F611976600606AAD714AB75CC42FBB73A8EF04306F14056FFD05DB292EB78E948C769
                                Function 0045201B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 63COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                • EnumSystemLocalesW.KERNEL32(00452143,00000001,00000000,?,JD,?,00452770,00000000,?,?,?), ref: 0045208D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                • String ID: p'E$JD
                                • API String ID: 1084509184-908320845
                                • Opcode ID: 475d6d5c58d7186cd22417851423cdf86cfe6bc0717def2965f4a7021c27fb53
                                • Instruction ID: b0e9e6415e7ea3a3ed95e939ef0edb9d062384d4a1a0bde9f31cc9ceae225fa6
                                • Opcode Fuzzy Hash: 475d6d5c58d7186cd22417851423cdf86cfe6bc0717def2965f4a7021c27fb53
                                • Instruction Fuzzy Hash: 0211553A2007019FDB189F39C9916BBBB92FF8075AB14482EEE4687B41D7B5A946C740
                                Function 00452143 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482F4
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 00448301
                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00452197
                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004521E8
                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004522A8
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorInfoLastLocale$_free$_abort
                                • String ID:
                                • API String ID: 2829624132-0
                                • Opcode ID: 1ce7e7c7dfcd5f502045176aa51a1e3ace1f8c45826c3dbb4c0c9878229dab74
                                • Instruction ID: 283aa9570716a6929da4b93cb0bca45b8c77d553a5ebfd19e37a994bad1de6ac
                                • Opcode Fuzzy Hash: 1ce7e7c7dfcd5f502045176aa51a1e3ace1f8c45826c3dbb4c0c9878229dab74
                                • Instruction Fuzzy Hash: F361A235500207ABDF289F24CE82B7A77A8EF05306F1441BBED05C6656E7BC9D89CB58
                                Function 0043BB71 Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • IsDebuggerPresent.KERNEL32 ref: 0043BC69
                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0043BC73
                                • UnhandledExceptionFilter.KERNEL32(?), ref: 0043BC80
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                • String ID:
                                • API String ID: 3906539128-0
                                • Opcode ID: 1e0b73e88f7870ac8a7e49df57248e9339733cda2bb7518ac33a0b9eb889d704
                                • Instruction ID: 25e88f5a56b9fbea854716c485460a06fbe33a825339a9765be54c88dd7cea35
                                • Opcode Fuzzy Hash: 1e0b73e88f7870ac8a7e49df57248e9339733cda2bb7518ac33a0b9eb889d704
                                • Instruction Fuzzy Hash: 0431D374901218ABCB21DF65D9887CDBBB8EF0C311F5051EAE81CA7251EB749F818F48
                                Function 004338C8 Relevance: 4.5, APIs: 3, Instructions: 30encryptionCOMMON
                                Download Yara Rule
                                APIs
                                • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,?,00000000,00433550,00000034,?,?,00000000), ref: 004338DA
                                • CryptGenRandom.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,004335E3,00000000,?,00000000), ref: 004338F0
                                • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,004335E3,00000000,?,00000000,0041E2E2), ref: 00433902
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Crypt$Context$AcquireRandomRelease
                                • String ID:
                                • API String ID: 1815803762-0
                                • Opcode ID: 81ae4bbc27a0383ddd18646ed4cc5f88ed8aa0b0f15284250c3048956b898281
                                • Instruction ID: d68cd6f5f98cbfa2ab0450769c499d20ea76a36e668e3df749659bd42d9a4b78
                                • Opcode Fuzzy Hash: 81ae4bbc27a0383ddd18646ed4cc5f88ed8aa0b0f15284250c3048956b898281
                                • Instruction Fuzzy Hash: 40E09A31208310FBEB301F21AC08F573AA5EF89B66F200A3AF256E40E4D6A68801965C
                                Function 00443355 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetCurrentProcess.KERNEL32(00000000,?,0044332B,00000000,0046E958,0000000C,00443482,00000000,00000002,00000000), ref: 00443376
                                • TerminateProcess.KERNEL32(00000000,?,0044332B,00000000,0046E958,0000000C,00443482,00000000,00000002,00000000), ref: 0044337D
                                • ExitProcess.KERNEL32 ref: 0044338F
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$CurrentExitTerminate
                                • String ID:
                                • API String ID: 1703294689-0
                                • Opcode ID: 4e3b9aa1e9039f050651c305726e439f17232b6e89e74059b12d513dd76054c6
                                • Instruction ID: 4b22f3a5ffe79ca7dfb81d814e561f82a31e4bef9a776fe0bb9daccb8e878f4b
                                • Opcode Fuzzy Hash: 4e3b9aa1e9039f050651c305726e439f17232b6e89e74059b12d513dd76054c6
                                • Instruction Fuzzy Hash: 9FE0B635401608FBDF11AF55DE09A5D3BAAEB40B56F005469FC498A272CF79EE42CB88
                                Function 0040B749 Relevance: 4.5, APIs: 3, Instructions: 19clipboardCOMMON
                                Download Yara Rule
                                APIs
                                • OpenClipboard.USER32(00000000), ref: 0040B74C
                                • GetClipboardData.USER32(0000000D), ref: 0040B758
                                • CloseClipboard.USER32 ref: 0040B760
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Clipboard$CloseDataOpen
                                • String ID:
                                • API String ID: 2058664381-0
                                • Opcode ID: 26d649817908997ada01c7e81b47d9ed8d660a846a8981428adfc510ab3c4a2f
                                • Instruction ID: 1c65eecdd0087a0ffd0b0a04a5b63b9ff0c479b34dfa65f2e767e94bdce73387
                                • Opcode Fuzzy Hash: 26d649817908997ada01c7e81b47d9ed8d660a846a8981428adfc510ab3c4a2f
                                • Instruction Fuzzy Hash: 45E0EC31745320EFC3206B609C49F9B6AA4DF85B52F05443AB905BB2E5DB78CC4086AD
                                Function 00434CB6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134COMMON
                                Download Yara Rule
                                APIs
                                • IsProcessorFeaturePresent.KERNEL32(0000000A,00000000), ref: 00434CCF
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: FeaturePresentProcessor
                                • String ID:
                                • API String ID: 2325560087-3916222277
                                • Opcode ID: 4259bdeace04940204f61aa74a979230364aaba3051b8f8e0efcae6fb7ed6494
                                • Instruction ID: 5e37b39ef68b784d6588b9ddffa6793edf4c3ade0924e8be62ba08be237937aa
                                • Opcode Fuzzy Hash: 4259bdeace04940204f61aa74a979230364aaba3051b8f8e0efcae6fb7ed6494
                                • Instruction Fuzzy Hash: E4515B71D002488FEB24CF69D98579EBBF4FB88314F24956BD419EB264D378A940CF98
                                Function 0044E8F9 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: .
                                • API String ID: 0-248832578
                                • Opcode ID: e4ba95ef050ff9873834a062f40f8bfe8ca2f849e5d953d5b04f24550caf4fd0
                                • Instruction ID: 7baa6cf80f4bdea99dbc4d330b45aada8194c6230f36d830dc1b60d3871032d3
                                • Opcode Fuzzy Hash: e4ba95ef050ff9873834a062f40f8bfe8ca2f849e5d953d5b04f24550caf4fd0
                                • Instruction Fuzzy Hash: DF3107B1900259AFEB24DE7ACC84EFB7BBDEB46318F0401AEF41897291E6349D418B54
                                Function 004520B6 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                • EnumSystemLocalesW.KERNEL32(00452393,00000001,?,?,JD,?,00452734,JD,?,?,?,?,?,00444AED,?,?), ref: 00452102
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                • String ID: JD
                                • API String ID: 1084509184-2669065882
                                • Opcode ID: 43afbb6a7401c46fb6bd1099fc40b6d5da7848bdbd3577d5ff827f5c50c4ae4e
                                • Instruction ID: 883a99871793c155097d9da94a803295819168bd30f8f35cc04eca091e96b9f4
                                • Opcode Fuzzy Hash: 43afbb6a7401c46fb6bd1099fc40b6d5da7848bdbd3577d5ff827f5c50c4ae4e
                                • Instruction Fuzzy Hash: E8F0FF363007056FDB245F399881A6B7B96FB82769B04482EFE458B682DAB99C42D604
                                Function 0044896D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,?,?,00000004), ref: 004489C0
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: InfoLocale
                                • String ID: GetLocaleInfoEx
                                • API String ID: 2299586839-2904428671
                                • Opcode ID: 53574c2ecf56bfb558b2c309ca3eb91f9c7a0a18e0f2245662e0b0bedf18becb
                                • Instruction ID: 58f0578312c774904006f9ed4749830948a62bec6dc8fde4d932476f73229d15
                                • Opcode Fuzzy Hash: 53574c2ecf56bfb558b2c309ca3eb91f9c7a0a18e0f2245662e0b0bedf18becb
                                • Instruction Fuzzy Hash: C0F0F631640608FBDB016F61DC06F6E7B25EB04751F00056EFC0966251DE368D2096DE
                                Function 004120B2 Relevance: 2.6, APIs: 2, Instructions: 55memoryCOMMON
                                Download Yara Rule
                                APIs
                                • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00411F72,?,?,?,?,00000000), ref: 00412122
                                • HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 00412129
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Heap$FreeProcess
                                • String ID:
                                • API String ID: 3859560861-0
                                • Opcode ID: 95356b50ae1c40d028bb7c10486cf6eec28d3cbd66e590edfc92b155960a397c
                                • Instruction ID: dd486cb6b879bf1be37f4e59d5b3b18419fca2aff5c7e471244091183f2ba527
                                • Opcode Fuzzy Hash: 95356b50ae1c40d028bb7c10486cf6eec28d3cbd66e590edfc92b155960a397c
                                • Instruction Fuzzy Hash: 0D113632000B11AFC7309F54DE85957BBEAFF08715305892EF29682922CB75FCA0CB48
                                Function 00452393 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482F4
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 00448301
                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004523E7
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$_free$InfoLocale_abort
                                • String ID:
                                • API String ID: 1663032902-0
                                • Opcode ID: b4047fd74fafd511f87100a415ff7352fa71784cc782813174b617cf7262d9f7
                                • Instruction ID: 2d4dd0c1c30cd12b50dfb53a4a1f7f5f9091958bb121381f53cce851c87d7921
                                • Opcode Fuzzy Hash: b4047fd74fafd511f87100a415ff7352fa71784cc782813174b617cf7262d9f7
                                • Instruction Fuzzy Hash: F921D632600606ABDB249F25DD41FBB73A8EB06316F10407FED01D6152EBBC9D48CB59
                                Function 004525C3 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00452361,00000000,00000000,?), ref: 004525EF
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$InfoLocale_abort_free
                                • String ID:
                                • API String ID: 2692324296-0
                                • Opcode ID: 1fdc73b6016995a7e39b97608f5a3b1d34212a550219c51fc6701dbba91f5541
                                • Instruction ID: 8c29d710edde3bbc403447a64c1727e90569dbd09ff88c71ffccea9529c81983
                                • Opcode Fuzzy Hash: 1fdc73b6016995a7e39b97608f5a3b1d34212a550219c51fc6701dbba91f5541
                                • Instruction Fuzzy Hash: C4F04936A00116BBDB245A24D905BBF7B58EB01315F04446BEC05A3241FAF8FD058694
                                Function 0041B69E Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                Download Yara Rule
                                APIs
                                • GetUserNameW.ADVAPI32(?,0040F25E), ref: 0041B6D3
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: NameUser
                                • String ID:
                                • API String ID: 2645101109-0
                                • Opcode ID: e75705911cc2a0b46837e609ad128fde2e6df1d534e004a7f5bb61fdffa7900c
                                • Instruction ID: 96a0ba9ffe47efa01ac310f3847ceb2d7b3b0148e4494d8e74ae155582b6cc75
                                • Opcode Fuzzy Hash: e75705911cc2a0b46837e609ad128fde2e6df1d534e004a7f5bb61fdffa7900c
                                • Instruction Fuzzy Hash: 9E014F7190011CABCB01EBD1DC45EEDB7BCAF44309F10016AB505B21A1EFB46E888BA8
                                Function 00448484 Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00445909: EnterCriticalSection.KERNEL32(?,?,0044305C,00000000,0046E938,0000000C,00443017,?,?,?,00445BA7,?,?,0044834A,00000001,00000364), ref: 00445918
                                • EnumSystemLocalesW.KERNEL32(0044843E,00000001,0046EAE0,0000000C), ref: 004484BC
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                • String ID:
                                • API String ID: 1272433827-0
                                • Opcode ID: 08771b5932cf67d2f7a499a1ea32343f451e1cff339441a182db03018af17ba2
                                • Instruction ID: 901ea181f65c0ebd25502bb0be635eecd519ab6688482fb1bf3a60b9f01fb263
                                • Opcode Fuzzy Hash: 08771b5932cf67d2f7a499a1ea32343f451e1cff339441a182db03018af17ba2
                                • Instruction Fuzzy Hash: 37F04F76A50200EFEB00EF69D946B4D37E0FB04725F10446EF514DB2A2DB7899809B49
                                Function 00451FD0 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                • EnumSystemLocalesW.KERNEL32(00451F27,00000001,?,?,?,00452792,JD,?,?,?,?,?,00444AED,?,?,?), ref: 00452007
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                • String ID:
                                • API String ID: 1084509184-0
                                • Opcode ID: 06cdaad2b1dd0330ee545a4703de2c72ad4f4425d90ac6c7aa7d45dfeb8c5d5b
                                • Instruction ID: 16a122e2f6617649f53ffd93528404cf76eb0d70ff9257d35f530b0535ef024d
                                • Opcode Fuzzy Hash: 06cdaad2b1dd0330ee545a4703de2c72ad4f4425d90ac6c7aa7d45dfeb8c5d5b
                                • Instruction Fuzzy Hash: 84F0203630020597CB04AF75D845B6A7F90EB82729B06009AFE058B6A2C7799842C754
                                Function 0040F90C Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                Download Yara Rule
                                APIs
                                • GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,00415537,00474EF0,00475A10,00474EF0,00000000,00474EF0,00000000,00474EF0,5.2.0 Pro), ref: 0040F920
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: InfoLocale
                                • String ID:
                                • API String ID: 2299586839-0
                                • Opcode ID: 60ac6b383c0d02c34bbf412ad9b051435ec7f82dc161eda072fb95a07eb92a85
                                • Instruction ID: 54543d52817102a935349e0949155b160d3bd36039d058f0142c014f19b14c2e
                                • Opcode Fuzzy Hash: 60ac6b383c0d02c34bbf412ad9b051435ec7f82dc161eda072fb95a07eb92a85
                                • Instruction Fuzzy Hash: D5D05B3074421C77D61096959D0AEAA779CD701B52F0001A6BB05D72C0D9E15E0087D1
                                Function 00434BD8 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                Download Yara Rule
                                APIs
                                • SetUnhandledExceptionFilter.KERNEL32(Function_00034BE4,0043490B), ref: 00434BDD
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExceptionFilterUnhandled
                                • String ID:
                                • API String ID: 3192549508-0
                                • Opcode ID: 2ffe05228c785604148d814c7fc250910b5f8136668f43492b8067ac5164d55b
                                • Instruction ID: 702e07acd891e046c8aea5fc6397425f5e3bd38ef0af78e1c7fed93ac6412050
                                • Opcode Fuzzy Hash: 2ffe05228c785604148d814c7fc250910b5f8136668f43492b8067ac5164d55b
                                • Instruction Fuzzy Hash:
                                Function 00418EB1 Relevance: 49.3, APIs: 27, Strings: 1, Instructions: 328windowmemoryCOMMON
                                Download Yara Rule
                                APIs
                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00418ECB
                                • CreateCompatibleDC.GDI32(00000000), ref: 00418ED8
                                  • Part of subcall function 00419360: EnumDisplaySettingsW.USER32(?,000000FF,?), ref: 00419390
                                • CreateCompatibleBitmap.GDI32(00000000,?), ref: 00418F4E
                                • DeleteDC.GDI32(00000000), ref: 00418F65
                                • DeleteDC.GDI32(00000000), ref: 00418F68
                                • DeleteObject.GDI32(00000000), ref: 00418F6B
                                • SelectObject.GDI32(00000000,00000000), ref: 00418F8C
                                • DeleteDC.GDI32(00000000), ref: 00418F9D
                                • DeleteDC.GDI32(00000000), ref: 00418FA0
                                • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00418FC4
                                • GetIconInfo.USER32(?,?), ref: 00418FF8
                                • DeleteObject.GDI32(?), ref: 00419027
                                • DeleteObject.GDI32(?), ref: 00419034
                                • DrawIcon.USER32(00000000,?,?,?), ref: 00419041
                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00660046), ref: 00419077
                                • GetObjectA.GDI32(00000000,00000018,?), ref: 004190A3
                                • LocalAlloc.KERNEL32(00000040,00000001), ref: 00419110
                                • GlobalAlloc.KERNEL32(00000000,?), ref: 0041917F
                                • GetDIBits.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004191A3
                                • DeleteDC.GDI32(?), ref: 004191B7
                                • DeleteDC.GDI32(00000000), ref: 004191BA
                                • DeleteObject.GDI32(00000000), ref: 004191BD
                                • GlobalFree.KERNEL32(?), ref: 004191C8
                                • DeleteObject.GDI32(00000000), ref: 0041927C
                                • GlobalFree.KERNEL32(?), ref: 00419283
                                • DeleteDC.GDI32(?), ref: 00419293
                                • DeleteDC.GDI32(00000000), ref: 0041929E
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Delete$Object$CreateGlobal$AllocCompatibleFreeIcon$BitmapBitsDisplayDrawEnumInfoLocalSelectSettingsStretch
                                • String ID: DISPLAY
                                • API String ID: 479521175-865373369
                                • Opcode ID: a332c2859ef59da40decfcbeef2faf7b264db83c1a690ef57184ee4fa2b6b732
                                • Instruction ID: 987d9a4534759b20ade43e5cc0d007ec6aae9fd5378911baa39845865ae00971
                                • Opcode Fuzzy Hash: a332c2859ef59da40decfcbeef2faf7b264db83c1a690ef57184ee4fa2b6b732
                                • Instruction Fuzzy Hash: D8C15C71504301AFD720DF25DC48BABBBE9EB88715F04482EF98993291DB34ED45CB6A
                                Function 0041812A Relevance: 47.5, APIs: 22, Strings: 5, Instructions: 289libraryloaderthreadCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleA.KERNEL32(ntdll,ZwCreateSection,00000000,00000000), ref: 00418171
                                • GetProcAddress.KERNEL32(00000000), ref: 00418174
                                • GetModuleHandleA.KERNEL32(ntdll,ZwMapViewOfSection), ref: 00418185
                                • GetProcAddress.KERNEL32(00000000), ref: 00418188
                                • GetModuleHandleA.KERNEL32(ntdll,ZwUnmapViewOfSection), ref: 00418199
                                • GetProcAddress.KERNEL32(00000000), ref: 0041819C
                                • GetModuleHandleA.KERNEL32(ntdll,ZwClose), ref: 004181AD
                                • GetProcAddress.KERNEL32(00000000), ref: 004181B0
                                • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00418252
                                • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 0041826A
                                • GetThreadContext.KERNEL32(?,00000000), ref: 00418280
                                • ReadProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 004182A6
                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00418328
                                • TerminateProcess.KERNEL32(?,00000000), ref: 0041833C
                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 0041837C
                                • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00418446
                                • SetThreadContext.KERNEL32(?,00000000), ref: 00418463
                                • ResumeThread.KERNEL32(?), ref: 00418470
                                • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00418487
                                • GetCurrentProcess.KERNEL32(?), ref: 00418492
                                • TerminateProcess.KERNEL32(?,00000000), ref: 004184AD
                                • GetLastError.KERNEL32 ref: 004184B5
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$AddressHandleModuleProc$ThreadVirtual$ContextCurrentFreeMemoryTerminate$AllocCreateErrorLastReadResumeWrite
                                • String ID: ZwClose$ZwCreateSection$ZwMapViewOfSection$ZwUnmapViewOfSection$ntdll
                                • API String ID: 4188446516-3035715614
                                • Opcode ID: 6fe37197d8788220cf6427c040a72875e8f2824bd02e1a8f118f24072f5bfafb
                                • Instruction ID: 6e605283caf6159cf0966bfa06415cd8be065dbd330dc5e1b11c181c8b11ae87
                                • Opcode Fuzzy Hash: 6fe37197d8788220cf6427c040a72875e8f2824bd02e1a8f118f24072f5bfafb
                                • Instruction Fuzzy Hash: 5AA14DB0604301AFDB209F64DD85B6B7BE8FB88745F04482EF689D6291EB78DC44CB59
                                Function 0040D45B Relevance: 45.8, APIs: 6, Strings: 20, Instructions: 282registryCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041288B: TerminateProcess.KERNEL32(00000000,?,0040D84A), ref: 0041289B
                                  • Part of subcall function 0041288B: WaitForSingleObject.KERNEL32(000000FF,?,0040D84A), ref: 004128AE
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,00000000), ref: 0040D558
                                • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040D56B
                                • SetFileAttributesW.KERNEL32(?,00000080,?,?,00000000), ref: 0040D584
                                • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,00000000), ref: 0040D5B4
                                  • Part of subcall function 0040B8E7: TerminateThread.KERNEL32(0040A2B8,00000000,00000000,?,0040D47D,?,00000000), ref: 0040B8F6
                                  • Part of subcall function 0040B8E7: UnhookWindowsHookEx.USER32(00475100), ref: 0040B902
                                  • Part of subcall function 0040B8E7: TerminateThread.KERNEL32(0040A2A2,00000000,?,0040D47D,?,00000000), ref: 0040B910
                                  • Part of subcall function 0041C482: CreateFileW.KERNEL32(00000004,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000004,00000000,0041C5A1,00000000,00000000,00000000), ref: 0041C4C1
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00466478,00466478,00000000), ref: 0040D7FF
                                • ExitProcess.KERNEL32 ref: 0040D80B
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Terminate$AttributesProcessThread$CreateDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                • String ID: """, 0$")$@qF$@qF$CreateObject("WScript.Shell").Run "cmd /c ""$HSG$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$tMG$wend$while fso.FileExists("
                                • API String ID: 1861856835-2336284224
                                • Opcode ID: b2e8ac5432893cc86c514a151e68c076a054af92cadaecf6a31a57020e158d28
                                • Instruction ID: 74aa42f7ec26bf67edaf4e1a165d404297a62af2c65c2789fcbb2c22ca84ca6d
                                • Opcode Fuzzy Hash: b2e8ac5432893cc86c514a151e68c076a054af92cadaecf6a31a57020e158d28
                                • Instruction Fuzzy Hash: B991B1316082005AC315FB62D8529AFB3A8AF94309F50443FB64AA71E3EF7C9D49C65E
                                Function 0040D0D1 Relevance: 42.3, APIs: 6, Strings: 18, Instructions: 260registryCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041288B: TerminateProcess.KERNEL32(00000000,?,0040D84A), ref: 0041289B
                                  • Part of subcall function 0041288B: WaitForSingleObject.KERNEL32(000000FF,?,0040D84A), ref: 004128AE
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,00475300,?,pth_unenc), ref: 0040D1E0
                                • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040D1F3
                                • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,?,?,?,00475300,?,pth_unenc), ref: 0040D223
                                • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,00475300,?,pth_unenc), ref: 0040D232
                                  • Part of subcall function 0040B8E7: TerminateThread.KERNEL32(0040A2B8,00000000,00000000,?,0040D47D,?,00000000), ref: 0040B8F6
                                  • Part of subcall function 0040B8E7: UnhookWindowsHookEx.USER32(00475100), ref: 0040B902
                                  • Part of subcall function 0040B8E7: TerminateThread.KERNEL32(0040A2A2,00000000,?,0040D47D,?,00000000), ref: 0040B910
                                  • Part of subcall function 0041BA09: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,0040407C), ref: 0041BA30
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00466478,00466478,00000000), ref: 0040D44D
                                • ExitProcess.KERNEL32 ref: 0040D454
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileProcessTerminate$AttributesThread$CurrentDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
                                • String ID: ")$.vbs$HSG$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$pth_unenc$tMG$wend$while fso.FileExists("$xpF
                                • API String ID: 3797177996-3101290586
                                • Opcode ID: 53bcc98072e969ec06e6571ef5b548dbc49c3cfef9e55493f5385faf44fbb08f
                                • Instruction ID: d04a29aa4e51556796b06844e147f4a7cb6a24a543372ca0e3e4f3e54a9e1c14
                                • Opcode Fuzzy Hash: 53bcc98072e969ec06e6571ef5b548dbc49c3cfef9e55493f5385faf44fbb08f
                                • Instruction Fuzzy Hash: 7781A1716082405BC715FB62D8529AF73A8AF94308F10443FB58A671E3EF7C9E49C69E
                                Function 004124B0 Relevance: 42.2, APIs: 17, Strings: 7, Instructions: 190synchronizationsleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateMutexA.KERNEL32(00000000,00000001,00000000,00000000,004750F4,00000003), ref: 004124CF
                                • ExitProcess.KERNEL32(00000000), ref: 004124DB
                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00412555
                                • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 00412564
                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0041256F
                                • CloseHandle.KERNEL32(00000000), ref: 00412576
                                • GetCurrentProcessId.KERNEL32 ref: 0041257C
                                • PathFileExistsW.SHLWAPI(?), ref: 004125AD
                                • GetTempPathW.KERNEL32(00000104,?), ref: 00412610
                                • GetTempFileNameW.KERNEL32(?,temp_,00000000,?), ref: 0041262A
                                • lstrcatW.KERNEL32(?,.exe), ref: 0041263C
                                  • Part of subcall function 0041C482: CreateFileW.KERNEL32(00000004,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000004,00000000,0041C5A1,00000000,00000000,00000000), ref: 0041C4C1
                                • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 0041267C
                                • Sleep.KERNEL32(000001F4), ref: 004126BD
                                • OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 004126D2
                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 004126DD
                                • CloseHandle.KERNEL32(00000000), ref: 004126E4
                                • GetCurrentProcessId.KERNEL32 ref: 004126EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$File$Create$CloseCurrentHandleObjectOpenPathSingleTempWait$ExecuteExistsExitMutexNameShellSleeplstrcat
                                • String ID: (TG$.exe$HSG$WDH$exepath$open$temp_
                                • API String ID: 2649220323-4116078715
                                • Opcode ID: 3e0ec8450686cced86593530f3de935c58d75cfb3801b14a39688fabd7981d3f
                                • Instruction ID: 24c9a3d3f9f851b6826daa3a71410153ee30a0e468f06c14c2e22e8a151f545e
                                • Opcode Fuzzy Hash: 3e0ec8450686cced86593530f3de935c58d75cfb3801b14a39688fabd7981d3f
                                • Instruction Fuzzy Hash: B551C771A00315BBDB10ABA09C99EFE336D9B04755F10416BF901E72D2EFBC8E85865D
                                Function 0041B0D8 Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 180synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 0041B1CD
                                • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 0041B1E1
                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9,004660B4), ref: 0041B209
                                • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00474EF0,00000000), ref: 0041B21F
                                • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 0041B260
                                • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 0041B278
                                • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 0041B28D
                                • SetEvent.KERNEL32 ref: 0041B2AA
                                • WaitForSingleObject.KERNEL32(000001F4), ref: 0041B2BB
                                • CloseHandle.KERNEL32 ref: 0041B2CB
                                • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 0041B2ED
                                • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 0041B2F7
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
                                • String ID: alias audio$" type $close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                • API String ID: 738084811-1354618412
                                • Opcode ID: 6296e67ab082eca21d99157daee0de4a55e64cef947884f766446456a036536f
                                • Instruction ID: 3073296416e4f75d74a960dba2816641598052066ba22d453d93bca4cbe87184
                                • Opcode Fuzzy Hash: 6296e67ab082eca21d99157daee0de4a55e64cef947884f766446456a036536f
                                • Instruction Fuzzy Hash: 4E51A5B12442056ED714B731DC96EBF379CDB80359F10053FB24A621E2EF789D4986AE
                                Function 00401CE9 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 156fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401D55
                                • WriteFile.KERNEL32(00000000,RIFF,00000004,?,00000000), ref: 00401D7F
                                • WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000), ref: 00401D8F
                                • WriteFile.KERNEL32(00000000,WAVE,00000004,00000000,00000000), ref: 00401D9F
                                • WriteFile.KERNEL32(00000000,fmt ,00000004,00000000,00000000), ref: 00401DAF
                                • WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401DBF
                                • WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401DD0
                                • WriteFile.KERNEL32(00000000,00472ACA,00000002,00000000,00000000), ref: 00401DE1
                                • WriteFile.KERNEL32(00000000,00472ACC,00000004,00000000,00000000), ref: 00401DF1
                                • WriteFile.KERNEL32(00000000,00000001,00000004,00000000,00000000), ref: 00401E01
                                • WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401E12
                                • WriteFile.KERNEL32(00000000,00472AD6,00000002,00000000,00000000), ref: 00401E23
                                • WriteFile.KERNEL32(00000000,data,00000004,00000000,00000000), ref: 00401E33
                                • WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401E43
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$Write$Create
                                • String ID: RIFF$WAVE$data$fmt
                                • API String ID: 1602526932-4212202414
                                • Opcode ID: 827ce642555df21a050573d9d5a330f37f16d9829fec6a71b542a6fa22e9225d
                                • Instruction ID: 52f5d26e7cd893c7c7a939122a780f0294375d64c437cdec10b118f5e091287a
                                • Opcode Fuzzy Hash: 827ce642555df21a050573d9d5a330f37f16d9829fec6a71b542a6fa22e9225d
                                • Instruction Fuzzy Hash: 61414D72644208BAE210DB51DD85FBB7FECEB89F54F40041AFA44D6081E7A5E909DBB3
                                Function 004072AB Relevance: 35.1, APIs: 12, Strings: 8, Instructions: 62libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlInitUnicodeString,00000000,C:\Users\user\Desktop\NEW ORDER- 4788467.exe,00000001,00407688,C:\Users\user\Desktop\NEW ORDER- 4788467.exe,00000003,004076B0,004752E8,00407709), ref: 004072BF
                                • GetProcAddress.KERNEL32(00000000), ref: 004072C8
                                • GetModuleHandleW.KERNEL32(ntdll.dll,NtAllocateVirtualMemory), ref: 004072DD
                                • GetProcAddress.KERNEL32(00000000), ref: 004072E0
                                • GetModuleHandleW.KERNEL32(ntdll.dll,NtFreeVirtualMemory), ref: 004072F1
                                • GetProcAddress.KERNEL32(00000000), ref: 004072F4
                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlAcquirePebLock), ref: 00407305
                                • GetProcAddress.KERNEL32(00000000), ref: 00407308
                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlReleasePebLock), ref: 00407319
                                • GetProcAddress.KERNEL32(00000000), ref: 0040731C
                                • GetModuleHandleW.KERNEL32(ntdll.dll,LdrEnumerateLoadedModules), ref: 0040732D
                                • GetProcAddress.KERNEL32(00000000), ref: 00407330
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressHandleModuleProc
                                • String ID: C:\Users\user\Desktop\NEW ORDER- 4788467.exe$LdrEnumerateLoadedModules$NtAllocateVirtualMemory$NtFreeVirtualMemory$RtlAcquirePebLock$RtlInitUnicodeString$RtlReleasePebLock$ntdll.dll
                                • API String ID: 1646373207-2457607428
                                • Opcode ID: acc633f1adce617efce258e7e3813168510e5abee68bf21287a11e169d765cdb
                                • Instruction ID: 830827c477b4c5a159b6e54fb752daf43fd3ce12eed95b51e760902f95858ec4
                                • Opcode Fuzzy Hash: acc633f1adce617efce258e7e3813168510e5abee68bf21287a11e169d765cdb
                                • Instruction Fuzzy Hash: 66015EA0E4431676DB116F7AAD44D5B7EDD9E41351311087BB405E2292EEBCE800C9AE
                                Function 0041C0AC Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 139stringCOMMON
                                Download Yara Rule
                                APIs
                                • lstrlenW.KERNEL32(?), ref: 0041C0C7
                                • _memcmp.LIBVCRUNTIME ref: 0041C0DF
                                • lstrlenW.KERNEL32(?), ref: 0041C0F8
                                • FindFirstVolumeW.KERNEL32(?,00000104,?), ref: 0041C133
                                • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041C146
                                • QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 0041C18A
                                • lstrcmpW.KERNEL32(?,?), ref: 0041C1A5
                                • FindNextVolumeW.KERNEL32(?,0000003F,00000104), ref: 0041C1BD
                                • _wcslen.LIBCMT ref: 0041C1CC
                                • FindVolumeClose.KERNEL32(?), ref: 0041C1EC
                                • GetLastError.KERNEL32 ref: 0041C204
                                • GetVolumePathNamesForVolumeNameW.KERNEL32(?,?,?,?), ref: 0041C231
                                • lstrcatW.KERNEL32(?,?), ref: 0041C24A
                                • lstrcpyW.KERNEL32(?,?), ref: 0041C259
                                • GetLastError.KERNEL32 ref: 0041C261
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Volume$ErrorFindLast$lstrlen$CloseDeviceFirstNameNamesNextPathQuery_memcmp_wcslenlstrcatlstrcmplstrcpy
                                • String ID: ?
                                • API String ID: 3941738427-1684325040
                                • Opcode ID: a0ce836f87bdb73d1aed96e44626d16fc1f948222461cff8e144d7328d36a715
                                • Instruction ID: 8d48ee17a24f37a9bc83e71ffc922dd471ae74eb47091415c6e266b1ff6a60c4
                                • Opcode Fuzzy Hash: a0ce836f87bdb73d1aed96e44626d16fc1f948222461cff8e144d7328d36a715
                                • Instruction Fuzzy Hash: B541A671584316EBD720DFA0DC889DBB7ECEB84745F00092BF545D2162EB78CA88CB96
                                Function 00414DC1 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 109libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00414E10
                                • LoadLibraryA.KERNEL32(?), ref: 00414E52
                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00414E72
                                • FreeLibrary.KERNEL32(00000000), ref: 00414E79
                                • LoadLibraryA.KERNEL32(?), ref: 00414EB1
                                • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00414EC3
                                • FreeLibrary.KERNEL32(00000000), ref: 00414ECA
                                • GetProcAddress.KERNEL32(00000000,?), ref: 00414ED9
                                • FreeLibrary.KERNEL32(00000000), ref: 00414EF0
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Library$AddressFreeProc$Load$DirectorySystem
                                • String ID: EIA$\ws2_32$\wship6$freeaddrinfo$getaddrinfo$getnameinfo
                                • API String ID: 2490988753-3346362794
                                • Opcode ID: 93ac1047b93552b97dd98974212ca4d4f14522e3aac142c7c555de1a9c5e5d12
                                • Instruction ID: 3afff981d8ce70f6205f85204df1f21ec1f12b20cff6a054e3a0857f0929e507
                                • Opcode Fuzzy Hash: 93ac1047b93552b97dd98974212ca4d4f14522e3aac142c7c555de1a9c5e5d12
                                • Instruction Fuzzy Hash: 3231C2B2906315ABD7209F65CC84EDF76DCAB84754F004A2AF984A3211D738D985CBAE
                                Function 0044F4AD Relevance: 25.9, APIs: 17, Instructions: 419COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$EnvironmentVariable$_wcschr
                                • String ID:
                                • API String ID: 3899193279-0
                                • Opcode ID: a471c829ddd5e79256b59335d7b350d61db07916532beff835d4a4e17985a3d6
                                • Instruction ID: 2409d22e097b45b84bdb59948eb4ebc1cd1141af37d2d18b4001dba56dac1aed
                                • Opcode Fuzzy Hash: a471c829ddd5e79256b59335d7b350d61db07916532beff835d4a4e17985a3d6
                                • Instruction Fuzzy Hash: E3D135B1D003006FFB24AF799D82A6B7BA8EF01314F05417FE945A7382EB7D99098759
                                Function 0041C720 Relevance: 23.0, APIs: 6, Strings: 7, Instructions: 214registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 0041C742
                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041C786
                                • RegCloseKey.ADVAPI32(?), ref: 0041CA50
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseEnumOpen
                                • String ID: DisplayName$DisplayVersion$InstallDate$InstallLocation$Publisher$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
                                • API String ID: 1332880857-3714951968
                                • Opcode ID: 8834d76765b8d9aa2aae2e6c3e4fc44c7e31d4deaeca63b3a5fa155628fd0460
                                • Instruction ID: 8204223968f620e226549da85b9b34a309c849e8d9bbed411749b7727356edba
                                • Opcode Fuzzy Hash: 8834d76765b8d9aa2aae2e6c3e4fc44c7e31d4deaeca63b3a5fa155628fd0460
                                • Instruction Fuzzy Hash: 3E8133311082459BC325EF11D851EEFB7E8BF94309F10492FB589921A2FF74AE49CA5A
                                Function 0041D620 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74windowCOMMON
                                Download Yara Rule
                                APIs
                                • DefWindowProcA.USER32(?,00000401,?,?), ref: 0041D66B
                                • GetCursorPos.USER32(?), ref: 0041D67A
                                • SetForegroundWindow.USER32(?), ref: 0041D683
                                • TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 0041D69D
                                • Shell_NotifyIconA.SHELL32(00000002,00474B58), ref: 0041D6EE
                                • ExitProcess.KERNEL32 ref: 0041D6F6
                                • CreatePopupMenu.USER32 ref: 0041D6FC
                                • AppendMenuA.USER32(00000000,00000000,00000000,Close), ref: 0041D711
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
                                • String ID: Close
                                • API String ID: 1657328048-3535843008
                                • Opcode ID: 73816c5193d16127c0aec765399ca9dfe531eb1d692a29e38a1feb3416d684dd
                                • Instruction ID: b66198a42bffced696eb94d9f3abdc54ecf3157c52e3fd06dc0985426ba48be4
                                • Opcode Fuzzy Hash: 73816c5193d16127c0aec765399ca9dfe531eb1d692a29e38a1feb3416d684dd
                                • Instruction Fuzzy Hash: 51216BB1500208FFDF054FA4ED0EAAA7B35EB08302F000125FA19950B2D779EDA1EB18
                                Function 00445DD7 Relevance: 22.8, APIs: 15, Instructions: 296COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$Info
                                • String ID:
                                • API String ID: 2509303402-0
                                • Opcode ID: d11cf9d75a9b095113a5c4e7a536203a51778a2c4217635f9f2315e0a594c0ce
                                • Instruction ID: 03d8b0dccc9171d7b4ee81f85837dfa1205ba0d7832ce976ccf3d084d520ac26
                                • Opcode Fuzzy Hash: d11cf9d75a9b095113a5c4e7a536203a51778a2c4217635f9f2315e0a594c0ce
                                • Instruction Fuzzy Hash: AFB1CE719002059FEB21DF69C881BEEBBF4BF09304F15842EF495A7242DB79AC458B69
                                Function 00412AEF Relevance: 21.5, APIs: 9, Strings: 3, Instructions: 482sleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00412B08
                                  • Part of subcall function 0041BA09: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,0040407C), ref: 0041BA30
                                  • Part of subcall function 004185A3: CloseHandle.KERNEL32(004040F5,?,?,004040F5,00465E84), ref: 004185B9
                                  • Part of subcall function 004185A3: CloseHandle.KERNEL32(00465E84,?,?,004040F5,00465E84), ref: 004185C2
                                • Sleep.KERNEL32(0000000A,00465E84), ref: 00412C5A
                                • Sleep.KERNEL32(0000000A,00465E84,00465E84), ref: 00412CFC
                                • Sleep.KERNEL32(0000000A,00465E84,00465E84,00465E84), ref: 00412D9E
                                • DeleteFileW.KERNEL32(00000000,00465E84,00465E84,00465E84), ref: 00412E00
                                • DeleteFileW.KERNEL32(00000000,00465E84,00465E84,00465E84), ref: 00412E37
                                • DeleteFileW.KERNEL32(00000000,00465E84,00465E84,00465E84), ref: 00412E73
                                • Sleep.KERNEL32(000001F4,00465E84,00465E84,00465E84), ref: 00412E8D
                                • Sleep.KERNEL32(00000064), ref: 00412ECF
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Sleep$File$Delete$CloseHandle$CurrentModuleNameProcesssend
                                • String ID: /stext "$@TG$@TG
                                • API String ID: 1223786279-723413999
                                • Opcode ID: a90acd8d7071acfa2d0e9883792276cd2d83e9ecc9e4a0baa673cf908a2511cc
                                • Instruction ID: 54c64e465a66050ec466d83b34d0c9889d7f3cdaa7358c1e9e14d2467042f0e2
                                • Opcode Fuzzy Hash: a90acd8d7071acfa2d0e9883792276cd2d83e9ecc9e4a0baa673cf908a2511cc
                                • Instruction Fuzzy Hash: 5B0268315083414AC325FB62D891AEFB3E5AFD0348F50483FF58A971E2EF785A49C65A
                                Function 00451346 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ___free_lconv_mon.LIBCMT ref: 0045138A
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 0045059F
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 004505B1
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 004505C3
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 004505D5
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 004505E7
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 004505F9
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 0045060B
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 0045061D
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 0045062F
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 00450641
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 00450653
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 00450665
                                  • Part of subcall function 00450582: _free.LIBCMT ref: 00450677
                                • _free.LIBCMT ref: 0045137F
                                  • Part of subcall function 00446802: HeapFree.KERNEL32(00000000,00000000,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?), ref: 00446818
                                  • Part of subcall function 00446802: GetLastError.KERNEL32(?,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?,?), ref: 0044682A
                                • _free.LIBCMT ref: 004513A1
                                • _free.LIBCMT ref: 004513B6
                                • _free.LIBCMT ref: 004513C1
                                • _free.LIBCMT ref: 004513E3
                                • _free.LIBCMT ref: 004513F6
                                • _free.LIBCMT ref: 00451404
                                • _free.LIBCMT ref: 0045140F
                                • _free.LIBCMT ref: 00451447
                                • _free.LIBCMT ref: 0045144E
                                • _free.LIBCMT ref: 0045146B
                                • _free.LIBCMT ref: 00451483
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                • String ID:
                                • API String ID: 161543041-0
                                • Opcode ID: 9bfda5629608ba7fc19c0d50907ac959002cc076efa33527145bad7316b2b0bb
                                • Instruction ID: 2428002f6fd8eb1a99257b9b861ac38f7c05b5b97acacff09fd9d8cf260fe807
                                • Opcode Fuzzy Hash: 9bfda5629608ba7fc19c0d50907ac959002cc076efa33527145bad7316b2b0bb
                                • Instruction Fuzzy Hash: 403193715003009FEB20AA39D846F5B73E8EF02315F62992FE849D7662DF78AD44C729
                                Function 00408BB5 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 328fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,000000B6), ref: 00408D1E
                                • GetFileSizeEx.KERNEL32(00000000,?), ref: 00408D56
                                • __aulldiv.LIBCMT ref: 00408D88
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000), ref: 00408EAB
                                • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00408EC6
                                • CloseHandle.KERNEL32(00000000), ref: 00408F9F
                                • CloseHandle.KERNEL32(00000000,00000052), ref: 00408FE9
                                • CloseHandle.KERNEL32(00000000), ref: 00409037
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseHandle$CreateLocalPointerReadSizeTime__aulldivsend
                                • String ID: ReadFile error$SetFilePointerEx error$Uploading file to Controller:
                                • API String ID: 3086580692-2596673759
                                • Opcode ID: 160633e4da690031bbe2cd61954ec08d7589a01c574f3dfc20b15958750bfdda
                                • Instruction ID: 2d1ece25e1b497defd969945f9de4b01d63c4d7912a1bb42583949d7b10afa87
                                • Opcode Fuzzy Hash: 160633e4da690031bbe2cd61954ec08d7589a01c574f3dfc20b15958750bfdda
                                • Instruction Fuzzy Hash: 76B1A0316083409BC314FB26C941AAFB7E5AFC4358F40492FF589622D2EF789945CB9B
                                Function 0040D83A Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 148COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041288B: TerminateProcess.KERNEL32(00000000,?,0040D84A), ref: 0041289B
                                  • Part of subcall function 0041288B: WaitForSingleObject.KERNEL32(000000FF,?,0040D84A), ref: 004128AE
                                  • Part of subcall function 00413733: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,?,00000208), ref: 0041374F
                                  • Part of subcall function 00413733: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000000), ref: 00413768
                                  • Part of subcall function 00413733: RegCloseKey.ADVAPI32(?), ref: 00413773
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040D894
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00466478,00466478,00000000), ref: 0040D9F3
                                • ExitProcess.KERNEL32 ref: 0040D9FF
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$CloseExecuteExitFileModuleNameObjectOpenQueryShellSingleTerminateValueWait
                                • String ID: """, 0$.vbs$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$HSG$Temp$exepath$open
                                • API String ID: 1913171305-833065420
                                • Opcode ID: 72c825d39459cf46232dad6bfdf4d85323a1f39c29c02b9223713a764ef131f0
                                • Instruction ID: 050033375253242a90a907d975c9615f3488646990559cd5331657e2136e0730
                                • Opcode Fuzzy Hash: 72c825d39459cf46232dad6bfdf4d85323a1f39c29c02b9223713a764ef131f0
                                • Instruction Fuzzy Hash: 514139319001155ACB15FBA2DC56DEEB778AF50709F10017FB10AB21E2FF785E4ACA98
                                Function 004048C8 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 144networkCOMMON
                                Download Yara Rule
                                APIs
                                • connect.WS2_32(?,?,?), ref: 004048E0
                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00404A00
                                • CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00404A0E
                                • WSAGetLastError.WS2_32 ref: 00404A21
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateEvent$ErrorLastLocalTimeconnect
                                • String ID: Connection Failed: $Connection Refused$TLS Authentication Failed$TLS Error 1$TLS Error 2$TLS Error 3$TLS Handshake... |
                                • API String ID: 994465650-2151626615
                                • Opcode ID: 2d49116b9c675fc5002ccfaaed315144ad6d64ba8ccd8faf84a893bd454578e1
                                • Instruction ID: d7ad8a6a5323ad03425d5def7d05b30a9c8ce31cd4ccd690c712fe6c843f15aa
                                • Opcode Fuzzy Hash: 2d49116b9c675fc5002ccfaaed315144ad6d64ba8ccd8faf84a893bd454578e1
                                • Instruction Fuzzy Hash: AD41E8B575060277C61877BB890B52E7A56AB81308B50017FEA0256AD3FA7D9C108BEF
                                Function 00450680 Relevance: 18.4, APIs: 12, Instructions: 376COMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free
                                • String ID:
                                • API String ID: 269201875-0
                                • Opcode ID: f91d4b90763e5671f10523a72ee64b05bbc7cd6159c247d47fb1287d0ca389aa
                                • Instruction ID: 80ca3ff3fa16d46db3e6ae4c9b8471dba03f652ca918f9f25067e0b92ee87d4d
                                • Opcode Fuzzy Hash: f91d4b90763e5671f10523a72ee64b05bbc7cd6159c247d47fb1287d0ca389aa
                                • Instruction Fuzzy Hash: 30C183B6D40204ABEB20DBA9CC43FDE77F8AB09705F150166FE04EB283D6B49D459768
                                Function 00404E26 Relevance: 18.1, APIs: 12, Instructions: 65synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • WaitForSingleObject.KERNEL32(?,000000FF,00000000,00474F08,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E38
                                • SetEvent.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E43
                                • CloseHandle.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E4C
                                • closesocket.WS2_32(?), ref: 00404E5A
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404E91
                                • SetEvent.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404EA2
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404EA9
                                • SetEvent.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404EBA
                                • CloseHandle.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404EBF
                                • CloseHandle.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404EC4
                                • SetEvent.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404ED1
                                • CloseHandle.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404ED6
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseEventHandle$ObjectSingleWait$closesocket
                                • String ID:
                                • API String ID: 3658366068-0
                                • Opcode ID: 1684f4f73009feb69d70dfcf302ee3e014c0b3edf4bc9f5cbab22c6bf1399946
                                • Instruction ID: 681aebbacbf541c1c6cd6dfca6fba55586e42b113d9ea1c0d4e3a90daa9851ad
                                • Opcode Fuzzy Hash: 1684f4f73009feb69d70dfcf302ee3e014c0b3edf4bc9f5cbab22c6bf1399946
                                • Instruction Fuzzy Hash: DE21EA71154B04AFDB216B26DC49B1BBBA1FF40326F104A2DE2E211AF1CB79B851DB58
                                Function 00455C5B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00455929: CreateFileW.KERNEL32(00000000,00000000,?,00455D04,?,?,00000000,?,00455D04,00000000,0000000C), ref: 00455946
                                • GetLastError.KERNEL32 ref: 00455D6F
                                • __dosmaperr.LIBCMT ref: 00455D76
                                • GetFileType.KERNEL32(00000000), ref: 00455D82
                                • GetLastError.KERNEL32 ref: 00455D8C
                                • __dosmaperr.LIBCMT ref: 00455D95
                                • CloseHandle.KERNEL32(00000000), ref: 00455DB5
                                • CloseHandle.KERNEL32(?), ref: 00455EFF
                                • GetLastError.KERNEL32 ref: 00455F31
                                • __dosmaperr.LIBCMT ref: 00455F38
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                • String ID: H
                                • API String ID: 4237864984-2852464175
                                • Opcode ID: 3e80e4deedef708004bf5c1f14aafc2c87dd9643035db764e93b071d2df20022
                                • Instruction ID: 7cd045c9b8f196398d23f94ba58010557f508cd7b58f44c29b3e784ccbbfb847
                                • Opcode Fuzzy Hash: 3e80e4deedef708004bf5c1f14aafc2c87dd9643035db764e93b071d2df20022
                                • Instruction Fuzzy Hash: 44A14532A106049FDF19AF68DC657BE3BA0EB06325F24015EEC11AB392D6398D1AC759
                                Function 00450AA5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 204COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free
                                • String ID: \&G$\&G$`&G
                                • API String ID: 269201875-253610517
                                • Opcode ID: f361c4fdd0f35bb0b590f5a399794b5d5c57f6d7c3c5bbd0b76040d27d65b4a3
                                • Instruction ID: 59c4f5d9f803fa3be21c2588ad204ea2c1e8261bb9e1a4607c4596bf86990b35
                                • Opcode Fuzzy Hash: f361c4fdd0f35bb0b590f5a399794b5d5c57f6d7c3c5bbd0b76040d27d65b4a3
                                • Instruction Fuzzy Hash: 86610E75900205AFDB21DF69C842B9ABBF4EF06710F24426BED44EB242E774AD45CB58
                                Function 00414BEB Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 158COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 65535$udp
                                • API String ID: 0-1267037602
                                • Opcode ID: 92e56e7e39f2557d79d3192c533dec3724d183fd0175ec4c26052f24408cebce
                                • Instruction ID: a9902b4e2b63063b067a15c036b171ad6d3a8658db747517b03e91dd9f9ead29
                                • Opcode Fuzzy Hash: 92e56e7e39f2557d79d3192c533dec3724d183fd0175ec4c26052f24408cebce
                                • Instruction Fuzzy Hash: FB51D431605301ABDB609B14E905BFB77E8ABC5754F08042FF88597390E76CCCC1969E
                                Function 0040AD11 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 156sleepCOMMON
                                Download Yara Rule
                                APIs
                                • __Init_thread_footer.LIBCMT ref: 0040AD73
                                • Sleep.KERNEL32(000001F4), ref: 0040AD7E
                                • GetForegroundWindow.USER32 ref: 0040AD84
                                • GetWindowTextLengthW.USER32(00000000), ref: 0040AD8D
                                • GetWindowTextW.USER32(00000000,00000000,00000000), ref: 0040ADC1
                                • Sleep.KERNEL32(000003E8), ref: 0040AE8F
                                  • Part of subcall function 0040A671: SetEvent.KERNEL32(?,?,00000000,0040B245,00000000), ref: 0040A69D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Window$SleepText$EventForegroundInit_thread_footerLength
                                • String ID: [${ User has been idle for $ minutes }$]
                                • API String ID: 911427763-3954389425
                                • Opcode ID: b06ca0c711f551fa613fb528b9a86c1082eaad7740c8b83a56c6ee9751395190
                                • Instruction ID: 1462e2e3b317a3feaa81e481452c264ee2198f2d95b6ea563507fc8e19ff55dc
                                • Opcode Fuzzy Hash: b06ca0c711f551fa613fb528b9a86c1082eaad7740c8b83a56c6ee9751395190
                                • Instruction Fuzzy Hash: 7F51E1716043419BC714FB62D846AAE7795AF84308F10093FF546A22E2EF7C9D44C69F
                                Function 0043A8BA Relevance: 16.6, APIs: 11, Instructions: 116COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401BD9,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A912
                                • GetLastError.KERNEL32(?,?,00401BD9,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A91F
                                • __dosmaperr.LIBCMT ref: 0043A926
                                • MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401BD9,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A952
                                • GetLastError.KERNEL32(?,?,?,00401BD9,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A95C
                                • __dosmaperr.LIBCMT ref: 0043A963
                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,?,?,?,?,00401BD9,?), ref: 0043A9A6
                                • GetLastError.KERNEL32(?,?,?,?,?,?,00401BD9,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A9B0
                                • __dosmaperr.LIBCMT ref: 0043A9B7
                                • _free.LIBCMT ref: 0043A9C3
                                • _free.LIBCMT ref: 0043A9CA
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                • String ID:
                                • API String ID: 2441525078-0
                                • Opcode ID: 65e47024088546fc334146591d56820f873165bf99cfabfd31b4add3ed5f98c2
                                • Instruction ID: 3a2165a63a30732921e8d6571a772c998230e0148124485b419b79488018c54b
                                • Opcode Fuzzy Hash: 65e47024088546fc334146591d56820f873165bf99cfabfd31b4add3ed5f98c2
                                • Instruction Fuzzy Hash: 8631D5B180420AFBDF01AFA5CC45EAF3B6CEF09324F11451AF950662A1DB38CD61DB66
                                Function 0044ACC9 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 216COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,tC,0043EA74,?,?,?,0044AF1A,00000001,00000001,A4E85006), ref: 0044AD23
                                • __alloca_probe_16.LIBCMT ref: 0044AD5B
                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0044AF1A,00000001,00000001,A4E85006,?,?,?), ref: 0044ADA9
                                • __alloca_probe_16.LIBCMT ref: 0044AE40
                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,A4E85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0044AEA3
                                • __freea.LIBCMT ref: 0044AEB0
                                  • Part of subcall function 004461B8: RtlAllocateHeap.NTDLL(00000000,00435349,?,?,004388C7,?,?,00000000,00476B60,?,0040DE9D,00435349,?,?,?,?), ref: 004461EA
                                • __freea.LIBCMT ref: 0044AEB9
                                • __freea.LIBCMT ref: 0044AEDE
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                • String ID: tC
                                • API String ID: 3864826663-886086030
                                • Opcode ID: a3cbb47ee8d45342a2f0fb6a002504832f0ae0c467949e665f7c3dc78735deda
                                • Instruction ID: de232b2c18f644b0009b05ef7aad101f1c584e700cc6948cb3d999d9ae9be8cc
                                • Opcode Fuzzy Hash: a3cbb47ee8d45342a2f0fb6a002504832f0ae0c467949e665f7c3dc78735deda
                                • Instruction Fuzzy Hash: 41514C72A80206AFFB258F64CC41EBF77A9DB44750F25462EFC14D7240EB38DC60869A
                                Function 004054A0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155windowmemoryCOMMON
                                Download Yara Rule
                                APIs
                                • SetEvent.KERNEL32(?,?), ref: 004054BF
                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0040556F
                                • TranslateMessage.USER32(?), ref: 0040557E
                                • DispatchMessageA.USER32(?), ref: 00405589
                                • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074,00474F88), ref: 00405641
                                • HeapFree.KERNEL32(00000000,00000000,0000003B,0000003B,?,00000000), ref: 00405679
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
                                • String ID: CloseChat$DisplayMessage$GetMessage
                                • API String ID: 2956720200-749203953
                                • Opcode ID: 09137e8bea7d33fb837f7fe2b696b317327ea04d9ad1de2245795383c2592dc4
                                • Instruction ID: af141abdc89e6f99b360bf73ca1bd21391e8bea30a055eafc68b1e1601de11b4
                                • Opcode Fuzzy Hash: 09137e8bea7d33fb837f7fe2b696b317327ea04d9ad1de2245795383c2592dc4
                                • Instruction Fuzzy Hash: 6F419E71604301ABCB14FB76DC5A86F37A9AB85704F40493EF516A32E1EF3C8905CB9A
                                Function 00417D1A Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 108filesynchronizationCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00417F67: __EH_prolog.LIBCMT ref: 00417F6C
                                • WaitForSingleObject.KERNEL32(00000000,000000FF,00000070,004660B4), ref: 00417E17
                                • CloseHandle.KERNEL32(00000000), ref: 00417E20
                                • DeleteFileA.KERNEL32(00000000), ref: 00417E2F
                                • ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 00417DE3
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseDeleteExecuteFileH_prologHandleObjectShellSingleWaitsend
                                • String ID: <$@$@VG$@VG$Temp
                                • API String ID: 1704390241-1291085672
                                • Opcode ID: 9a720f4f888f1525bdbf75a62ef7587c2160d9ec115db0d441fc7e9c2bd624ef
                                • Instruction ID: 17e4c8e037c7e297ff37edeb8814921eaebe5ca95f3622e3753009d7d6553322
                                • Opcode Fuzzy Hash: 9a720f4f888f1525bdbf75a62ef7587c2160d9ec115db0d441fc7e9c2bd624ef
                                • Instruction Fuzzy Hash: 15417E319002199ACB14FB62DC56AEE7735AF00318F50417EF50A761E1EF7C5A8ACB99
                                Function 004073E7 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 99COMMON
                                Download Yara Rule
                                APIs
                                • GetCurrentProcess.KERNEL32(00472B28,00000000,RGw@,00003000,00000004,00000000,00000001), ref: 00407418
                                • GetCurrentProcess.KERNEL32(00472B28,00000000,00008000,?,00000000,00000001,00000000,00407691,C:\Users\user\Desktop\NEW ORDER- 4788467.exe), ref: 004074D9
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CurrentProcess
                                • String ID: PEB: %x$[+] NtAllocateVirtualMemory Success$[-] NtAllocateVirtualMemory Error$\explorer.exe$explorer.exe$windir$RGw@
                                • API String ID: 2050909247-1783200977
                                • Opcode ID: 388438052e7e30b588e7d3166e4db1111c2ea5f522d7d9004c0fa115fe63263f
                                • Instruction ID: b8c3dc73ce560081c95a6921e0e4b034ac7c55c8f908ce4a4bfc67d5bc942e58
                                • Opcode Fuzzy Hash: 388438052e7e30b588e7d3166e4db1111c2ea5f522d7d9004c0fa115fe63263f
                                • Instruction Fuzzy Hash: 7631C271604700ABD311EF65DE46F1677A8FB48315F10087EF509E6292DBB8B8418B6E
                                Function 0041697B Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 46clipboardCOMMON
                                Download Yara Rule
                                APIs
                                • OpenClipboard.USER32 ref: 0041697C
                                • EmptyClipboard.USER32 ref: 0041698A
                                • CloseClipboard.USER32 ref: 00416990
                                • OpenClipboard.USER32 ref: 00416997
                                • GetClipboardData.USER32(0000000D), ref: 004169A7
                                • GlobalLock.KERNEL32(00000000), ref: 004169B0
                                • GlobalUnlock.KERNEL32(00000000), ref: 004169B9
                                • CloseClipboard.USER32 ref: 004169BF
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Clipboard$CloseGlobalOpen$DataEmptyLockUnlocksend
                                • String ID: !D@
                                • API String ID: 2172192267-604454484
                                • Opcode ID: 714596017678f15f46549e3b50181fa6cb84449448661dd5f115107523fa2353
                                • Instruction ID: 51ec5b3583c04982a71d168622c94cade283f75070810aedfe93923cca0dc87c
                                • Opcode Fuzzy Hash: 714596017678f15f46549e3b50181fa6cb84449448661dd5f115107523fa2353
                                • Instruction Fuzzy Hash: 41014C31204301EFC714BB72DC49AAE7BA5AF88742F40047EF906861E2DF388C45C659
                                Function 0041330D Relevance: 15.2, APIs: 10, Instructions: 153fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileMappingW.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00413452
                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00413460
                                • GetFileSize.KERNEL32(?,00000000), ref: 0041346D
                                • UnmapViewOfFile.KERNEL32(00000000), ref: 0041348D
                                • CloseHandle.KERNEL32(00000000), ref: 0041349A
                                • CloseHandle.KERNEL32(?), ref: 004134A0
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseHandleView$CreateMappingSizeUnmap
                                • String ID:
                                • API String ID: 297527592-0
                                • Opcode ID: 76449038435623d12e340f910cbc8e4a512a0fe83063de5a1b16e7d691261e79
                                • Instruction ID: cfdeae1586e3f17d3ae994cf28232467201964e06db1490d1c70a6fe2d897c90
                                • Opcode Fuzzy Hash: 76449038435623d12e340f910cbc8e4a512a0fe83063de5a1b16e7d691261e79
                                • Instruction Fuzzy Hash: A841F371104301BBD7109F26EC49F6B3BACEFC9769F10052EF655D21A2DB38DA40866E
                                Function 0041AB9E Relevance: 15.1, APIs: 10, Instructions: 66serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,00000001,?,?,?,?,?,?,0041A517,00000000), ref: 0041ABAD
                                • OpenServiceW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,0041A517,00000000), ref: 0041ABC4
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A517,00000000), ref: 0041ABD1
                                • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0041A517,00000000), ref: 0041ABE0
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A517,00000000), ref: 0041ABF1
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A517,00000000), ref: 0041ABF4
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$CloseHandle$Open$ControlManager
                                • String ID:
                                • API String ID: 221034970-0
                                • Opcode ID: eb6abd722e0cae9a5b5ac2f6fd433bf2c3c2a2b9123b5e78852541010ca8cce1
                                • Instruction ID: a7ddf6af562b27afc3fdb57d9320cc893b1711f81dd6882f7bac22400d97ef93
                                • Opcode Fuzzy Hash: eb6abd722e0cae9a5b5ac2f6fd433bf2c3c2a2b9123b5e78852541010ca8cce1
                                • Instruction Fuzzy Hash: 1411E931501218BFD711AF64DC85CFF3B6CDB41B66B000426FA0692191EB689D46AAFA
                                Function 004481A1 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 004481B5
                                  • Part of subcall function 00446802: HeapFree.KERNEL32(00000000,00000000,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?), ref: 00446818
                                  • Part of subcall function 00446802: GetLastError.KERNEL32(?,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?,?), ref: 0044682A
                                • _free.LIBCMT ref: 004481C1
                                • _free.LIBCMT ref: 004481CC
                                • _free.LIBCMT ref: 004481D7
                                • _free.LIBCMT ref: 004481E2
                                • _free.LIBCMT ref: 004481ED
                                • _free.LIBCMT ref: 004481F8
                                • _free.LIBCMT ref: 00448203
                                • _free.LIBCMT ref: 0044820E
                                • _free.LIBCMT ref: 0044821C
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 776569668-0
                                • Opcode ID: 7409258e8d3de90c3944c0df00460aed843c684c15a9003062b0a9d40dd376ab
                                • Instruction ID: 68a5115f29dd4dda1e04096f5587add38bc33a27c3b2fba9646c6a67a64c999e
                                • Opcode Fuzzy Hash: 7409258e8d3de90c3944c0df00460aed843c684c15a9003062b0a9d40dd376ab
                                • Instruction Fuzzy Hash: AA11E9B6901108BFDB01FF55C852CDD3B65FF05354B0244AAF9488F222DB75DE509B95
                                Function 0040A761 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 163sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNEL32(00001388), ref: 0040A77B
                                  • Part of subcall function 0040A6B0: CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0040A788), ref: 0040A6E6
                                  • Part of subcall function 0040A6B0: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040A788), ref: 0040A6F5
                                  • Part of subcall function 0040A6B0: Sleep.KERNEL32(00002710,?,?,?,0040A788), ref: 0040A722
                                  • Part of subcall function 0040A6B0: CloseHandle.KERNEL32(00000000,?,?,?,0040A788), ref: 0040A729
                                • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 0040A7B7
                                • GetFileAttributesW.KERNEL32(00000000), ref: 0040A7C8
                                • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0040A7DF
                                • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00000012), ref: 0040A859
                                  • Part of subcall function 0041C516: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C52F
                                • SetFileAttributesW.KERNEL32(00000000,00000006,00000013,00466478,00000000,00000000,00000000), ref: 0040A962
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$AttributesCreate$Sleep$CloseDirectoryExistsHandlePathSize
                                • String ID: HSG$HSG
                                • API String ID: 3795512280-2729845973
                                • Opcode ID: 66f46599578da9462cfc73df4298f3e368e9e17d46714e4cb5b61a7eab0f7c39
                                • Instruction ID: b4a8632174cffc949347442128fe52ffedc09667b4c22c284aa084888e76bad6
                                • Opcode Fuzzy Hash: 66f46599578da9462cfc73df4298f3e368e9e17d46714e4cb5b61a7eab0f7c39
                                • Instruction Fuzzy Hash: AC518D716043015ACB15BB72C866ABE77AA9F80349F00483FF642B71E2DF7C9D09865E
                                Function 00455F84 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 154COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,0045707F), ref: 00455FA7
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: DecodePointer
                                • String ID: acos$asin$exp$log$log10$pow$sqrt
                                • API String ID: 3527080286-3064271455
                                • Opcode ID: d3e7b15c46cdd208759493adff4216d8049d52db36716e3e1ce652e173acd39f
                                • Instruction ID: 9e278d4a377d0ea10dd73248deb0d867b2e8f6339126d6964ada8e5ca1a1e79f
                                • Opcode Fuzzy Hash: d3e7b15c46cdd208759493adff4216d8049d52db36716e3e1ce652e173acd39f
                                • Instruction Fuzzy Hash: AA515071900909DBCB10DF58E9481BDBBB0FB49306F924197D841A7296DB798928CB1E
                                Function 004174D0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 104sleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,00000000,00000000), ref: 00417530
                                  • Part of subcall function 0041C516: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C52F
                                • Sleep.KERNEL32(00000064), ref: 0041755C
                                • DeleteFileW.KERNEL32(00000000), ref: 00417590
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CreateDeleteExecuteShellSleep
                                • String ID: /t $\sysinfo.txt$dxdiag$open$temp
                                • API String ID: 1462127192-2001430897
                                • Opcode ID: e8b4fca93a7b34008ea3c75acf4dc85b924ed7c95a3e0f0b1cc7aaeee82b06eb
                                • Instruction ID: 4d831fdf2c11e0d815db77489a542135a470e493f6e320739c61594aa9f7fbeb
                                • Opcode Fuzzy Hash: e8b4fca93a7b34008ea3c75acf4dc85b924ed7c95a3e0f0b1cc7aaeee82b06eb
                                • Instruction Fuzzy Hash: A4313D71940119AADB04FBA1DC96DED7739AF50309F00017EF606731E2EF785A8ACA9C
                                Function 00410E9C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75COMMON
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 00410EA9
                                • int.LIBCPMT ref: 00410EBC
                                  • Part of subcall function 0040E0FC: std::_Lockit::_Lockit.LIBCPMT ref: 0040E10D
                                  • Part of subcall function 0040E0FC: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E127
                                • std::_Facet_Register.LIBCPMT ref: 00410EFC
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00410F05
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00410F23
                                • __Init_thread_footer.LIBCMT ref: 00410F64
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_Init_thread_footerRegisterThrow
                                • String ID: <kG$@kG
                                • API String ID: 3815856325-1261746286
                                • Opcode ID: a775fd09b9bd59cd8d1293661eff86217fedb4cdc6fe336e067938c0c3205025
                                • Instruction ID: 0588f859592fb32d2b707c82d02c9514845f82bff388d80d729849e078334d39
                                • Opcode Fuzzy Hash: a775fd09b9bd59cd8d1293661eff86217fedb4cdc6fe336e067938c0c3205025
                                • Instruction Fuzzy Hash: 622107329005249BCB14FBAAD8429DE7769DF48324F21416FF904E72D1DBB9AD818BDC
                                Function 0041D4EE Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 48windowstringCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0041D507
                                  • Part of subcall function 0041D5A0: RegisterClassExA.USER32(00000030), ref: 0041D5EC
                                  • Part of subcall function 0041D5A0: CreateWindowExA.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 0041D607
                                  • Part of subcall function 0041D5A0: GetLastError.KERNEL32 ref: 0041D611
                                • ExtractIconA.SHELL32(00000000,?,00000000), ref: 0041D53E
                                • lstrcpynA.KERNEL32(00474B70,Remcos,00000080), ref: 0041D558
                                • Shell_NotifyIconA.SHELL32(00000000,00474B58), ref: 0041D56E
                                • TranslateMessage.USER32(?), ref: 0041D57A
                                • DispatchMessageA.USER32(?), ref: 0041D584
                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0041D591
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
                                • String ID: Remcos
                                • API String ID: 1970332568-165870891
                                • Opcode ID: 731e0475cdd51c62647780fa2fa3280f65193767bc99efc51189d173a824088e
                                • Instruction ID: c2fc9e39e559a2afed00746d39c192473857db467f2681b349ddfe36236392a3
                                • Opcode Fuzzy Hash: 731e0475cdd51c62647780fa2fa3280f65193767bc99efc51189d173a824088e
                                • Instruction Fuzzy Hash: 11015EB1840348EBD7109FA1EC4CFABBBBCABC5705F00406AF505921A1D7B8E885CB6D
                                Function 0044CE00 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 41332500f0008602d77d1c660e50033fd15bda36b9a02a1f3ccc300d02d52732
                                • Instruction ID: c312da418a410335279f0cc1971bad4557be7deeadefc114a47e367d78dfde09
                                • Opcode Fuzzy Hash: 41332500f0008602d77d1c660e50033fd15bda36b9a02a1f3ccc300d02d52732
                                • Instruction Fuzzy Hash: 94C1FA70D04249AFEF11DFA8CC41BAE7BB0AF09304F19415AE915A7392C77C9941CB69
                                Function 00453E03 Relevance: 13.8, APIs: 9, Instructions: 268COMMON
                                Download Yara Rule
                                APIs
                                • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,004540DC,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 00453EAF
                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,004540DC,00000000,00000000,?,00000001,?,?,?,?), ref: 00453F32
                                • __alloca_probe_16.LIBCMT ref: 00453F6A
                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000001,00000000,004540DC,?,004540DC,00000000,00000000,?,00000001,?,?,?,?), ref: 00453FC5
                                • __alloca_probe_16.LIBCMT ref: 00454014
                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004540DC,00000000,00000000,?,00000001,?,?,?,?), ref: 00453FDC
                                  • Part of subcall function 004461B8: RtlAllocateHeap.NTDLL(00000000,00435349,?,?,004388C7,?,?,00000000,00476B60,?,0040DE9D,00435349,?,?,?,?), ref: 004461EA
                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,004540DC,00000000,00000000,?,00000001,?,?,?,?), ref: 00454058
                                • __freea.LIBCMT ref: 00454083
                                • __freea.LIBCMT ref: 0045408F
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocateHeapInfo
                                • String ID:
                                • API String ID: 201697637-0
                                • Opcode ID: 3cd8063f553076ce798424c5fc2191fe96cf15845bda9c8b0815eea935c1a584
                                • Instruction ID: 957693029e8655488503f3238c5b69ab87e72ad781d0cd1ca1c521277c14990f
                                • Opcode Fuzzy Hash: 3cd8063f553076ce798424c5fc2191fe96cf15845bda9c8b0815eea935c1a584
                                • Instruction Fuzzy Hash: 2B91D472E002069BDB208E65C846EEFBBF59F49756F14051BED00EB282D73DCD898769
                                Function 004451FA Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00448295: GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                  • Part of subcall function 00448295: _free.LIBCMT ref: 004482CC
                                  • Part of subcall function 00448295: SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                  • Part of subcall function 00448295: _abort.LIBCMT ref: 00448313
                                • _memcmp.LIBVCRUNTIME ref: 004454A4
                                • _free.LIBCMT ref: 00445515
                                • _free.LIBCMT ref: 0044552E
                                • _free.LIBCMT ref: 00445560
                                • _free.LIBCMT ref: 00445569
                                • _free.LIBCMT ref: 00445575
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorLast$_abort_memcmp
                                • String ID: C
                                • API String ID: 1679612858-1037565863
                                • Opcode ID: 57e83dca3a851dc1354698b3345e0422ed2f7d5811d10dab12b85ea15fb2e044
                                • Instruction ID: c5fa7cd4a0def74fccfc383a36f0c71fd12082b8797d706f49daa7c6421ebafc
                                • Opcode Fuzzy Hash: 57e83dca3a851dc1354698b3345e0422ed2f7d5811d10dab12b85ea15fb2e044
                                • Instruction Fuzzy Hash: D4B13775A016199FEB24DF18C885BAEB7B4FF48304F5085EAE809A7351E774AE90CF44
                                Function 00414945 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 225COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: tcp$udp
                                • API String ID: 0-3725065008
                                • Opcode ID: e3882082d73cb51732241927fa811467e6376eb334e21639ae703d67e169e483
                                • Instruction ID: 4fb2fbaa1818e082f2863e0a7c91e4ace7fe62ed23b491eff3584b955907a2f3
                                • Opcode Fuzzy Hash: e3882082d73cb51732241927fa811467e6376eb334e21639ae703d67e169e483
                                • Instruction Fuzzy Hash: FC7197706083028FDB248F55D4817ABB7E4AFC8355F20482FF88697351E778DE858B9A
                                Function 00411530 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 191COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Eventinet_ntoa
                                • String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward$StopReverse
                                • API String ID: 3578746661-168337528
                                • Opcode ID: a0556ed9d2100ee8abb1fb57ccf1e2a8185feebd5893978c1c9b1bd6516f1349
                                • Instruction ID: cd9a01f22de2d9f6a9994d78948339ea64d6c0f71f497d0a384e35af32d82467
                                • Opcode Fuzzy Hash: a0556ed9d2100ee8abb1fb57ccf1e2a8185feebd5893978c1c9b1bd6516f1349
                                • Instruction Fuzzy Hash: 0E51C531A042015BC724FB36D95AAAE36A5AB80344F40453FF606576F2EF7C8985C7DE
                                Function 0040799E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000,00474EF0,00465FB4,?,00000000,00408037,00000000), ref: 00407A00
                                • WriteFile.KERNEL32(00000000,?,00000000,000186A0,00000000,?,000186A0,?,?,00000000,00408037,00000000,?,?,0000000A,00000000), ref: 00407A48
                                  • Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
                                • CloseHandle.KERNEL32(00000000,?,00000000,00408037,00000000,?,?,0000000A,00000000), ref: 00407A88
                                • MoveFileW.KERNEL32(00000000,00000000), ref: 00407AA5
                                • CloseHandle.KERNEL32(00000000,00000057,?,00000008,?,?,?,?,?,?,?,0000000A,00000000), ref: 00407AD0
                                • DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0000000A,00000000), ref: 00407AE0
                                  • Part of subcall function 00404B96: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00474F08,00404C49,00000000,?,?,00000000,00474F08,00404AC9), ref: 00404BA5
                                  • Part of subcall function 00404B96: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040548B), ref: 00404BC3
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseHandle$CreateDeleteEventMoveObjectSingleWaitWritesend
                                • String ID: .part
                                • API String ID: 1303771098-3499674018
                                • Opcode ID: e7cafca0780e8310386d8ce0e2b4e9b02ff549ab184a3408e64b8b6c6c25ff2e
                                • Instruction ID: fa021c15c5d1e87e569c09a19ead990ccf19330fc060556597d24b4305e87d8f
                                • Opcode Fuzzy Hash: e7cafca0780e8310386d8ce0e2b4e9b02ff549ab184a3408e64b8b6c6c25ff2e
                                • Instruction Fuzzy Hash: 3A31B571508345AFC310EB61D84599FB3A8FF94359F00493FB945A21D2EB78EE08CB9A
                                Function 00401B8F Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 89COMMON
                                Download Yara Rule
                                APIs
                                • _strftime.LIBCMT ref: 00401BD4
                                  • Part of subcall function 00401CE9: CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401D55
                                • waveInUnprepareHeader.WINMM(00472A88,00000020,00000000,?), ref: 00401C86
                                • waveInPrepareHeader.WINMM(00472A88,00000020), ref: 00401CC4
                                • waveInAddBuffer.WINMM(00472A88,00000020), ref: 00401CD3
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: wave$Header$BufferCreateFilePrepareUnprepare_strftime
                                • String ID: %Y-%m-%d %H.%M$.wav$tMG
                                • API String ID: 3809562944-3627046146
                                • Opcode ID: 210fd9ba1251f706d0f6ced8dacb23af96e0d20cc0fe8c7829aa69d3c0beebe0
                                • Instruction ID: 77224d9c3c18060e3821781750c24aeed92f5db76bec914a8a88ddbccf287b9a
                                • Opcode Fuzzy Hash: 210fd9ba1251f706d0f6ced8dacb23af96e0d20cc0fe8c7829aa69d3c0beebe0
                                • Instruction Fuzzy Hash: 5F3181315043019FC325EB62DD46A9A77A8FB84319F40443EF149A31F2EFB89949CB9A
                                Function 004199DB Relevance: 12.1, APIs: 8, Instructions: 117keyboardCOMMON
                                Download Yara Rule
                                APIs
                                • SendInput.USER32 ref: 00419A25
                                • SendInput.USER32(00000001,?,0000001C,00000000), ref: 00419A4D
                                • SendInput.USER32(00000001,0000001C,0000001C), ref: 00419A74
                                • SendInput.USER32(00000001,0000001C,0000001C), ref: 00419A92
                                • SendInput.USER32(00000001,0000001C,0000001C), ref: 00419AB2
                                • SendInput.USER32(00000001,0000001C,0000001C), ref: 00419AD7
                                • SendInput.USER32(00000001,0000001C,0000001C), ref: 00419AF9
                                • SendInput.USER32(00000001,00000000,0000001C), ref: 00419B1C
                                  • Part of subcall function 004199CE: MapVirtualKeyA.USER32(00000000,00000000), ref: 004199D4
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: InputSend$Virtual
                                • String ID:
                                • API String ID: 1167301434-0
                                • Opcode ID: fc4380392ba50379eb6d472fb1d17d58296046c22f58e77cb3b57b5de18c14a3
                                • Instruction ID: b6cba15de7ba168fc32b54cb564de1fb898aed6d56f2455a0f9f7e0387a20004
                                • Opcode Fuzzy Hash: fc4380392ba50379eb6d472fb1d17d58296046c22f58e77cb3b57b5de18c14a3
                                • Instruction Fuzzy Hash: 2431AE71218349A9E220DFA5DC41BDFBBECAF89B44F04080FF58457291CAA49D8C876B
                                Function 004475F1 Relevance: 10.9, APIs: 3, Strings: 3, Instructions: 389COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: __freea$__alloca_probe_16_free
                                • String ID: a/p$am/pm$h{D
                                • API String ID: 2936374016-2303565833
                                • Opcode ID: 4ddb7e6ff69264204235b909ea28f14837368a743d4617b198cabd7c05983ebc
                                • Instruction ID: c225e1f32c331ede1d29eb10815d0f52c76e58365e66366979e06629ded2ae5c
                                • Opcode Fuzzy Hash: 4ddb7e6ff69264204235b909ea28f14837368a743d4617b198cabd7c05983ebc
                                • Instruction Fuzzy Hash: 94D1E1719082068AFB299F68C845ABFB7B1EF05300F28455BE501AB351D73D9E43CBA9
                                Function 00444D7C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 004461B8: RtlAllocateHeap.NTDLL(00000000,00435349,?,?,004388C7,?,?,00000000,00476B60,?,0040DE9D,00435349,?,?,?,?), ref: 004461EA
                                • _free.LIBCMT ref: 00444E87
                                • _free.LIBCMT ref: 00444E9E
                                • _free.LIBCMT ref: 00444EBD
                                • _free.LIBCMT ref: 00444ED8
                                • _free.LIBCMT ref: 00444EEF
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$AllocateHeap
                                • String ID: KED
                                • API String ID: 3033488037-2133951994
                                • Opcode ID: 4e35ff1e2d87e21165085a9225b40beb0941a1a7db736cbd5727a613c3eec6b7
                                • Instruction ID: 6eb5fd97c930506827bd935ec23fdf2bd7e2f8155051dcdfd38a61b70e77380a
                                • Opcode Fuzzy Hash: 4e35ff1e2d87e21165085a9225b40beb0941a1a7db736cbd5727a613c3eec6b7
                                • Instruction Fuzzy Hash: 2351B371A00604ABEB20DF29CC42B6B77F4FF89724B25456EE809D7751E739E901CB98
                                Function 0044B43C Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,0044BBB1,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 0044B47E
                                • __fassign.LIBCMT ref: 0044B4F9
                                • __fassign.LIBCMT ref: 0044B514
                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0044B53A
                                • WriteFile.KERNEL32(?,FF8BC35D,00000000,0044BBB1,00000000,?,?,?,?,?,?,?,?,?,0044BBB1,?), ref: 0044B559
                                • WriteFile.KERNEL32(?,?,00000001,0044BBB1,00000000,?,?,?,?,?,?,?,?,?,0044BBB1,?), ref: 0044B592
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                • String ID:
                                • API String ID: 1324828854-0
                                • Opcode ID: 311db8d3e4a1a0a231de64f74e89b34bd80b314b172ec9a4a2cdea1eea97895d
                                • Instruction ID: 262f0c9efa3d8d05c94b564727faad167cb6e35c827a04fe4b8fb241bd644287
                                • Opcode Fuzzy Hash: 311db8d3e4a1a0a231de64f74e89b34bd80b314b172ec9a4a2cdea1eea97895d
                                • Instruction Fuzzy Hash: 2151B470A00249AFDB10CFA8D845AEEFBF8EF09304F14456BE955E7291E734D941CBA9
                                Function 0040186A Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 142threadCOMMON
                                Download Yara Rule
                                APIs
                                • __Init_thread_footer.LIBCMT ref: 004018BE
                                • ExitThread.KERNEL32 ref: 004018F6
                                • waveInUnprepareHeader.WINMM(?,00000020,00000000,?,00000020,00474EF0,00000000), ref: 00401A04
                                  • Part of subcall function 00434801: __onexit.LIBCMT ref: 00434807
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExitHeaderInit_thread_footerThreadUnprepare__onexitwave
                                • String ID: `kG$hMG$kG
                                • API String ID: 1649129571-3851552405
                                • Opcode ID: e7d59365cf8a2a51c340e4573cf07ad470a5e8a59a5c5c9771ed2099c48a02bd
                                • Instruction ID: dc699b77c08b599092ddf19de7d80486fcd8c0a7edd7622242773fc29a9484b7
                                • Opcode Fuzzy Hash: e7d59365cf8a2a51c340e4573cf07ad470a5e8a59a5c5c9771ed2099c48a02bd
                                • Instruction Fuzzy Hash: 3441C2312042009BC324FB36DD96ABE73A6AB85354F00453FF54AA61F1DF38AD4AC61E
                                Function 0041B71B Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 91COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00413656: RegOpenKeyExW.ADVAPI32(80000001,00000400,00000000,00020019,?,004750F4), ref: 00413678
                                  • Part of subcall function 00413656: RegQueryValueExW.ADVAPI32(?,0040F34E,00000000,00000000,?,00000400), ref: 00413697
                                  • Part of subcall function 00413656: RegCloseKey.ADVAPI32(?), ref: 004136A0
                                  • Part of subcall function 0041C048: GetCurrentProcess.KERNEL32(?,?,?,0040DAE5,WinDir,00000000,00000000), ref: 0041C059
                                • _wcslen.LIBCMT ref: 0041B7F4
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseCurrentOpenProcessQueryValue_wcslen
                                • String ID: .exe$HSG$http\shell\open\command$program files (x86)\$program files\
                                • API String ID: 37874593-930133217
                                • Opcode ID: 98e5383603199a3ae91f152b580e0980a92f5ba97d9c345e2d64d7e8863b9e47
                                • Instruction ID: 00334f857bbe6022557327a28fa8f115e820bd32ca6b34e50ab8c41aa79dd428
                                • Opcode Fuzzy Hash: 98e5383603199a3ae91f152b580e0980a92f5ba97d9c345e2d64d7e8863b9e47
                                • Instruction Fuzzy Hash: 42218872A001046BDB14BAB59CD6AFE766D9B48728F10043FF505B72C3EE3C9D49426D
                                Function 0040BF24 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 87COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 004135E1: RegOpenKeyExA.KERNELBASE(80000001,00000400,00000000,00020019,?), ref: 00413605
                                  • Part of subcall function 004135E1: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 00413622
                                  • Part of subcall function 004135E1: RegCloseKey.KERNELBASE(?), ref: 0041362D
                                • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,00000000), ref: 0040BFA6
                                • PathFileExistsA.SHLWAPI(?), ref: 0040BFB3
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseEnvironmentExistsExpandFileOpenPathQueryStringsValue
                                • String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
                                • API String ID: 1133728706-4073444585
                                • Opcode ID: a976107ae4362f42920dfdb3ecba022a246b7b1703a55ed826806908a238449e
                                • Instruction ID: 7718d61ab729039ae94473664947c91a52367f601ff6055b29c84dcba8ed2574
                                • Opcode Fuzzy Hash: a976107ae4362f42920dfdb3ecba022a246b7b1703a55ed826806908a238449e
                                • Instruction Fuzzy Hash: E7215230A40219A6CB14F7F1CC969EE7729AF50744F80017FE502B71D1EB7D6945C6DA
                                Function 00456BD3 Relevance: 10.6, APIs: 7, Instructions: 80COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6348a53403ba44e76667cab5d3d4b8c4f90ca5e92cff7b4211fa09d26e343de5
                                • Instruction ID: d4e598e7927038c57750db0ba161657e9615562456f8c919f0676739ef068bdb
                                • Opcode Fuzzy Hash: 6348a53403ba44e76667cab5d3d4b8c4f90ca5e92cff7b4211fa09d26e343de5
                                • Instruction Fuzzy Hash: 931127B2504214BBEB216F768C05D1F7A5CEB86726B52062EFD55C7292DA3CCC0186A8
                                Function 00401A6D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON
                                Download Yara Rule
                                APIs
                                • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00401A7D
                                • waveInOpen.WINMM(00472AC0,000000FF,00472AC8,Function_00001B8F,00000000,00000000,00000024), ref: 00401B13
                                • waveInPrepareHeader.WINMM(00472A88,00000020), ref: 00401B67
                                • waveInAddBuffer.WINMM(00472A88,00000020), ref: 00401B76
                                • waveInStart.WINMM ref: 00401B82
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: wave$BufferCreateDirectoryHeaderOpenPrepareStart
                                • String ID: tMG
                                • API String ID: 1356121797-30866661
                                • Opcode ID: fcff18681eae06644500fa2447b05236e1dac46e0004316a84fd1a613709cab6
                                • Instruction ID: cbef553d477d36f78321a165484ecc4410fcecc505b8f9aca62d01b994c6c3e6
                                • Opcode Fuzzy Hash: fcff18681eae06644500fa2447b05236e1dac46e0004316a84fd1a613709cab6
                                • Instruction Fuzzy Hash: 8E2148716042019FC7299F6AEE09A697BAAFB84711B04403EE10DD76F1DBF848C5CB2C
                                Function 00450F7A Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00450CC1: _free.LIBCMT ref: 00450CEA
                                • _free.LIBCMT ref: 00450FC8
                                  • Part of subcall function 00446802: HeapFree.KERNEL32(00000000,00000000,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?), ref: 00446818
                                  • Part of subcall function 00446802: GetLastError.KERNEL32(?,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?,?), ref: 0044682A
                                • _free.LIBCMT ref: 00450FD3
                                • _free.LIBCMT ref: 00450FDE
                                • _free.LIBCMT ref: 00451032
                                • _free.LIBCMT ref: 0045103D
                                • _free.LIBCMT ref: 00451048
                                • _free.LIBCMT ref: 00451053
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 776569668-0
                                • Opcode ID: 5e629f50e4f6999c0b477f1519b6f3e41be6fc4275a29973627e91760813f884
                                • Instruction ID: 345e916fd15b447c36d88a7a8914fd19e4c3e0710e9d23c2e9f19f8556552687
                                • Opcode Fuzzy Hash: 5e629f50e4f6999c0b477f1519b6f3e41be6fc4275a29973627e91760813f884
                                • Instruction Fuzzy Hash: C111D231402704AAE621BB72CC03FCB779CAF03304F454D2EBEA967153C7ACB4185654
                                Function 0041119E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 004111AB
                                • int.LIBCPMT ref: 004111BE
                                  • Part of subcall function 0040E0FC: std::_Lockit::_Lockit.LIBCPMT ref: 0040E10D
                                  • Part of subcall function 0040E0FC: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E127
                                • std::_Facet_Register.LIBCPMT ref: 004111FE
                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00411207
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00411225
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
                                • String ID: 8mG
                                • API String ID: 2536120697-3990007011
                                • Opcode ID: d6f56902d4e8762935de702d4c1b953921ac7c6d7eb456f7c36ab316a66f2fb3
                                • Instruction ID: 3a14b803bc510f5ed1108d30ac07207671fc4f07faef22c9ffd8c11cb1ae2def
                                • Opcode Fuzzy Hash: d6f56902d4e8762935de702d4c1b953921ac7c6d7eb456f7c36ab316a66f2fb3
                                • Instruction Fuzzy Hash: D3112332900124A7CB14EBAAD8018DEBBA99F44364F11456FFE04B72E1DB789E41CBD8
                                Function 0043A3DA Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLastError.KERNEL32(?,?,0043A3D1,0043933E), ref: 0043A3E8
                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0043A3F6
                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0043A40F
                                • SetLastError.KERNEL32(00000000,?,0043A3D1,0043933E), ref: 0043A461
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLastValue___vcrt_
                                • String ID:
                                • API String ID: 3852720340-0
                                • Opcode ID: 786e665d26cf754d1d2cf441f113ccf6d654ddd054b4af6544b9cbcea7eecff9
                                • Instruction ID: 228fd8bb196f6ae1284969ba5442ea73dc67404c1df350b3d70410c0baad6fb0
                                • Opcode Fuzzy Hash: 786e665d26cf754d1d2cf441f113ccf6d654ddd054b4af6544b9cbcea7eecff9
                                • Instruction Fuzzy Hash: 87019C322483515EA61027797C8A62B2648EB293B9F30523FF518805F1EF984C90910D
                                Function 004075EB Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 59COMMON
                                Download Yara Rule
                                APIs
                                • CoInitializeEx.OLE32(00000000,00000002,00000000,C:\Users\user\Desktop\NEW ORDER- 4788467.exe), ref: 0040760B
                                  • Part of subcall function 00407538: _wcslen.LIBCMT ref: 0040755C
                                  • Part of subcall function 00407538: CoGetObject.OLE32(?,00000024,00466528,00000000), ref: 004075BD
                                • CoUninitialize.OLE32 ref: 00407664
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: InitializeObjectUninitialize_wcslen
                                • String ID: C:\Users\user\Desktop\NEW ORDER- 4788467.exe$[+] ShellExec success$[+] before ShellExec$[+] ucmCMLuaUtilShellExecMethod
                                • API String ID: 3851391207-3232393623
                                • Opcode ID: d877cea0863f9d3afa12868748af2f8600b5022738d517222c004e226c4c5a05
                                • Instruction ID: e4e7d1672fbddd81374e29e92f863be8f9bad83f72bb7a306ddb251afa86686e
                                • Opcode Fuzzy Hash: d877cea0863f9d3afa12868748af2f8600b5022738d517222c004e226c4c5a05
                                • Instruction Fuzzy Hash: 4501D272B087116BE2246B65DC4AF6B3748DB41B25F11053FF901A62C1EAB9FC0146AB
                                Function 0040BADC Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
                                Download Yara Rule
                                APIs
                                • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Cookies), ref: 0040BB18
                                • GetLastError.KERNEL32 ref: 0040BB22
                                Strings
                                • UserProfile, xrefs: 0040BAE8
                                • [Chrome Cookies not found], xrefs: 0040BB3C
                                • [Chrome Cookies found, cleared!], xrefs: 0040BB48
                                • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 0040BAE3
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: DeleteErrorFileLast
                                • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                • API String ID: 2018770650-304995407
                                • Opcode ID: d4592947abf79dc324386ffcaf4b9b591dee499912662422a1d7ea612805fe04
                                • Instruction ID: 5dee569c6883bfd73109a670bb68234af0f28e4caad238985ba957b2c74b96e7
                                • Opcode Fuzzy Hash: d4592947abf79dc324386ffcaf4b9b591dee499912662422a1d7ea612805fe04
                                • Instruction Fuzzy Hash: 5B01DF71A402055BCA04B7B6CC1B9BE7B24E922704B50017FF502726D6FE3E5D0986CE
                                Function 0041CE2C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 48memoryCOMMON
                                Download Yara Rule
                                APIs
                                • AllocConsole.KERNEL32(00475348), ref: 0041CE35
                                • ShowWindow.USER32(00000000,00000000), ref: 0041CE4E
                                • SetConsoleOutputCP.KERNEL32(000004E4), ref: 0041CE73
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Console$AllocOutputShowWindow
                                • String ID: Remcos v$5.2.0 Pro$CONOUT$
                                • API String ID: 2425139147-793934204
                                • Opcode ID: 4ac208d8a2a9dd681627466f3850d62ccb8bf7ad48dd9727624a0f6f50ade13e
                                • Instruction ID: a031bdd2f27af694b11ce09d1e3c688e218bb3586dee27dfc95755d0e541b829
                                • Opcode Fuzzy Hash: 4ac208d8a2a9dd681627466f3850d62ccb8bf7ad48dd9727624a0f6f50ade13e
                                • Instruction Fuzzy Hash: 2D014471A80304BBD610F7F19D8BF9EB7AC9B18B05F500527BA04A70D2EB6DD944466E
                                Function 0040729B Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: 0SG$C:\Users\user\Desktop\NEW ORDER- 4788467.exe$RG
                                • API String ID: 0-2835859979
                                • Opcode ID: 6266df8f63f07d9ec3e284de14b260bcf750c81262affdfdd67307fbc2c8eb3d
                                • Instruction ID: 8e81a4762a03630119b5543cf4782e43f3d691fcab72f30749e56a9243805afb
                                • Opcode Fuzzy Hash: 6266df8f63f07d9ec3e284de14b260bcf750c81262affdfdd67307fbc2c8eb3d
                                • Instruction Fuzzy Hash: 08F0F6B0A14141ABCB1067355D286AA3756A784397F00487BF547FB2F2EBBD5C82861E
                                Function 0043AB5C Relevance: 9.3, APIs: 6, Instructions: 284COMMON
                                Download Yara Rule
                                APIs
                                • __allrem.LIBCMT ref: 0043ACE9
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043AD05
                                • __allrem.LIBCMT ref: 0043AD1C
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043AD3A
                                • __allrem.LIBCMT ref: 0043AD51
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043AD6F
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                • String ID:
                                • API String ID: 1992179935-0
                                • Opcode ID: 3b7debe300bd30616e6d17b60b5e1d5511deed8aaa3e59a787e888dcedb96ab2
                                • Instruction ID: c7cd181284538591ee8af1586cca3d38175ba7b34bac8e5aa56d350f01832762
                                • Opcode Fuzzy Hash: 3b7debe300bd30616e6d17b60b5e1d5511deed8aaa3e59a787e888dcedb96ab2
                                • Instruction Fuzzy Hash: 5F815972A40B05ABE7209F29CC41B6FB3A99F48324F24152FF591D67C1E77CE910875A
                                Function 00404371 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 206sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNEL32(00000000,?), ref: 004044C4
                                  • Part of subcall function 00404607: __EH_prolog.LIBCMT ref: 0040460C
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: H_prologSleep
                                • String ID: CloseCamera$FreeFrame$GetFrame$OpenCamera$XNG
                                • API String ID: 3469354165-985523790
                                • Opcode ID: c8362e682e7a59062d61984db774975b20dd8a1804118ce2d1cb0219cf894f9e
                                • Instruction ID: 7593a199e81997f2aad1dc538160579efde4e563a54277089fa649d8e7e3dbe8
                                • Opcode Fuzzy Hash: c8362e682e7a59062d61984db774975b20dd8a1804118ce2d1cb0219cf894f9e
                                • Instruction Fuzzy Hash: 2A51E0B1A042106BCA14FB369D0A66E3655ABC4748F00443FFA09676E2DF7D8E46839E
                                Function 00411D39 Relevance: 9.2, APIs: 6, Instructions: 206memoryCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 004117D7: SetLastError.KERNEL32(0000000D,00411D57,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00411D35), ref: 004117DD
                                • SetLastError.KERNEL32(000000C1,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00411D35), ref: 00411D72
                                • GetNativeSystemInfo.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00411D35), ref: 00411DE0
                                • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,00000000), ref: 00411E04
                                  • Part of subcall function 00411CDE: VirtualAlloc.KERNEL32(00000040,00000040,00000040,00000040,00411E22,?,00000000,00003000,00000040,00000000,?,00000000), ref: 00411CEE
                                • GetProcessHeap.KERNEL32(00000008,00000040,?,?,?,?,00000000), ref: 00411E4B
                                • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000), ref: 00411E52
                                • SetLastError.KERNEL32(0000045A,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00411F65
                                  • Part of subcall function 004120B2: GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00411F72,?,?,?,?,00000000), ref: 00412122
                                  • Part of subcall function 004120B2: HeapFree.KERNEL32(00000000,?,?,?,?,00000000), ref: 00412129
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorHeapLast$AllocProcess$FreeInfoNativeSystemVirtual
                                • String ID:
                                • API String ID: 3950776272-0
                                • Opcode ID: 0997a6c101f2dd0e8850336bac1793923a5345a50e97098554ef69f44a303648
                                • Instruction ID: da58ab861bd0a84ec3871346ef31e8b8814b9d9500880b3a3e1890ad13292c25
                                • Opcode Fuzzy Hash: 0997a6c101f2dd0e8850336bac1793923a5345a50e97098554ef69f44a303648
                                • Instruction Fuzzy Hash: F761A270700611ABCB209F66C981BAA7BA5AF44704F14411AFF05877A2D77CE8C2CBD9
                                Function 0044597A Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: __cftoe
                                • String ID:
                                • API String ID: 4189289331-0
                                • Opcode ID: 30f97a14dd6f87c9245b8e0b778041a74f07a421c1ac77e9beff42b74887127b
                                • Instruction ID: b93b8478136607885b926496a305f1bfb884a7f6acf724e610c81469f19cb9e5
                                • Opcode Fuzzy Hash: 30f97a14dd6f87c9245b8e0b778041a74f07a421c1ac77e9beff42b74887127b
                                • Instruction Fuzzy Hash: 2551FD72500605ABFF209B598C81EAF77A8EF45334F25421FF915A6293DB3DD900C66D
                                Function 0041AD09 Relevance: 9.1, APIs: 6, Instructions: 67serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,00000000,?,?,?,0041A41F,00000000), ref: 0041AD19
                                • OpenServiceW.ADVAPI32(00000000,00000000,00000002,?,?,?,0041A41F,00000000), ref: 0041AD2D
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,0041A41F,00000000), ref: 0041AD3A
                                • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0041A41F,00000000), ref: 0041AD6F
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,0041A41F,00000000), ref: 0041AD81
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,0041A41F,00000000), ref: 0041AD84
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$CloseHandle$Open$ChangeConfigManager
                                • String ID:
                                • API String ID: 493672254-0
                                • Opcode ID: 6768d04de6bba430942b0409d96819e7e0e6ab90830dc8ea3fc78fe1771b3c5b
                                • Instruction ID: 77e668261cf9ee2bd18e5a0e87596c089765e66a1be6d3c981f75cbf7ed2a716
                                • Opcode Fuzzy Hash: 6768d04de6bba430942b0409d96819e7e0e6ab90830dc8ea3fc78fe1771b3c5b
                                • Instruction Fuzzy Hash: A7016D311462157AD6111B34AC4EFFB3B6CDB02772F10032BF625965D1DA68CE8195AB
                                Function 00448295 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLastError.KERNEL32(?,0043F770,0043A875,0043F770,00474F08,?,0043CE65,FF8BC35D,00474F08,00474F08), ref: 00448299
                                • _free.LIBCMT ref: 004482CC
                                • _free.LIBCMT ref: 004482F4
                                • SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 00448301
                                • SetLastError.KERNEL32(00000000,FF8BC35D,00474F08,00474F08), ref: 0044830D
                                • _abort.LIBCMT ref: 00448313
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$_free$_abort
                                • String ID:
                                • API String ID: 3160817290-0
                                • Opcode ID: 0dc6b6a3e4ae5b17dec3dccad88ee1f92140bcc2d5108ccd544116d6be2417e2
                                • Instruction ID: 8d34d3ffa9a8a5ca7629c839d325bdddc3ef58a145117f7ac1d0225592351e3a
                                • Opcode Fuzzy Hash: 0dc6b6a3e4ae5b17dec3dccad88ee1f92140bcc2d5108ccd544116d6be2417e2
                                • Instruction Fuzzy Hash: 8EF0A435101B006BF611772A6C06B6F26599BD3B69F36042FFD18962D2EF6DCC42816D
                                Function 0041AB37 Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,00000001,?,?,?,?,?,?,0041A6B4,00000000), ref: 0041AB46
                                • OpenServiceW.ADVAPI32(00000000,00000000,00000020,?,?,?,?,?,?,0041A6B4,00000000), ref: 0041AB5A
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A6B4,00000000), ref: 0041AB67
                                • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0041A6B4,00000000), ref: 0041AB76
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A6B4,00000000), ref: 0041AB88
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A6B4,00000000), ref: 0041AB8B
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$CloseHandle$Open$ControlManager
                                • String ID:
                                • API String ID: 221034970-0
                                • Opcode ID: ae1d2dc5fcc920fa0c4de2805c4bb02fd0d2400c89c15f2023f51b2330037a2a
                                • Instruction ID: 443f58cffa4f299642b313368f914f767bd977a6fac550f0ec2f38f013616b5a
                                • Opcode Fuzzy Hash: ae1d2dc5fcc920fa0c4de2805c4bb02fd0d2400c89c15f2023f51b2330037a2a
                                • Instruction Fuzzy Hash: E4F0F631541318BBD7116F259C49DFF3B6CDB45B62F000026FE0992192EB68DD4595F9
                                Function 0041AC3B Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0041A634,00000000), ref: 0041AC4A
                                • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0041A634,00000000), ref: 0041AC5E
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A634,00000000), ref: 0041AC6B
                                • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,0041A634,00000000), ref: 0041AC7A
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A634,00000000), ref: 0041AC8C
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A634,00000000), ref: 0041AC8F
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$CloseHandle$Open$ControlManager
                                • String ID:
                                • API String ID: 221034970-0
                                • Opcode ID: 09157ef8eb8da34f78b0ee302db87b690a61261d17d0987fe2a8bb4e8e1c1ff6
                                • Instruction ID: 80b71cf000cc834045a6d48b23744411b71cc7e49355023a2f572df053a73ec4
                                • Opcode Fuzzy Hash: 09157ef8eb8da34f78b0ee302db87b690a61261d17d0987fe2a8bb4e8e1c1ff6
                                • Instruction Fuzzy Hash: 73F0C231501218ABD611AF65AC4AEFF3B6CDB45B62F00002AFE0992192EB38CD4595E9
                                Function 0041ACA2 Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
                                Download Yara Rule
                                APIs
                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0041A5B4,00000000), ref: 0041ACB1
                                • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0041A5B4,00000000), ref: 0041ACC5
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A5B4,00000000), ref: 0041ACD2
                                • ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,0041A5B4,00000000), ref: 0041ACE1
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A5B4,00000000), ref: 0041ACF3
                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A5B4,00000000), ref: 0041ACF6
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Service$CloseHandle$Open$ControlManager
                                • String ID:
                                • API String ID: 221034970-0
                                • Opcode ID: b26bf3762530a856ab6d8755ba7de06de94296f9b4710ed3a1167deef3457c09
                                • Instruction ID: 4c72e2560426042a93d841201029be6eaa37955ba2c7d49e75f16ae618c5df44
                                • Opcode Fuzzy Hash: b26bf3762530a856ab6d8755ba7de06de94296f9b4710ed3a1167deef3457c09
                                • Instruction Fuzzy Hash: 85F0F631501228BBD7116F25AC49DFF3B6CDB45B62F00002AFE0992192EB38CD46A6F9
                                Function 0040B19F Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 68timeCOMMON
                                Download Yara Rule
                                APIs
                                • GetLocalTime.KERNEL32(?,Offline Keylogger Started,00475100), ref: 0040B1AD
                                • wsprintfW.USER32 ref: 0040B22E
                                  • Part of subcall function 0040A671: SetEvent.KERNEL32(?,?,00000000,0040B245,00000000), ref: 0040A69D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: EventLocalTimewsprintf
                                • String ID: [%04i/%02i/%02i %02i:%02i:%02i $Offline Keylogger Started$]
                                • API String ID: 1497725170-248792730
                                • Opcode ID: 61a13f8e7b5ec97ebd291e0ee17402ea7e3b88955fe685f323c9577bf2c0e63c
                                • Instruction ID: 4bcbbea8953a56f0834a7592719eb704c83d71ae81c48fe005db4fd1b538d991
                                • Opcode Fuzzy Hash: 61a13f8e7b5ec97ebd291e0ee17402ea7e3b88955fe685f323c9577bf2c0e63c
                                • Instruction Fuzzy Hash: 88114272404118AACB19AB96EC55CFE77BCEE48315B00012FF506A61D1FF7C5A45C6AD
                                Function 0040A6B0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58sleepfileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0040A788), ref: 0040A6E6
                                • GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040A788), ref: 0040A6F5
                                • Sleep.KERNEL32(00002710,?,?,?,0040A788), ref: 0040A722
                                • CloseHandle.KERNEL32(00000000,?,?,?,0040A788), ref: 0040A729
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseCreateHandleSizeSleep
                                • String ID: hQG
                                • API String ID: 1958988193-4070439852
                                • Opcode ID: dff8f098f1c377594146863248cdb80fbfdf91f527f5f89ea2521ad03e4bff88
                                • Instruction ID: fcd55a72cf9b38ed92eee25b8fc798016c5179a181dae4a4499eb8880f316315
                                • Opcode Fuzzy Hash: dff8f098f1c377594146863248cdb80fbfdf91f527f5f89ea2521ad03e4bff88
                                • Instruction Fuzzy Hash: 3E113130600740AADA30A7249889A1F37BAD741356F44483EE182676D3C67DDC64C71F
                                Function 0041D5A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegisterClassExA.USER32(00000030), ref: 0041D5EC
                                • CreateWindowExA.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000,00000000), ref: 0041D607
                                • GetLastError.KERNEL32 ref: 0041D611
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ClassCreateErrorLastRegisterWindow
                                • String ID: 0$MsgWindowClass
                                • API String ID: 2877667751-2410386613
                                • Opcode ID: 722de5e8388a8877474a119f468a3301e062738380f3873f65828015e8b741e1
                                • Instruction ID: e808ecd18ef19f47bd472c0c6462b34ef8490c58390ad3ae495a6aa035ed2a4b
                                • Opcode Fuzzy Hash: 722de5e8388a8877474a119f468a3301e062738380f3873f65828015e8b741e1
                                • Instruction Fuzzy Hash: 1F0125B1D00219ABDB00DFA5EC849EFBBBCEA08355F40453AF914A6241EB7589058AA4
                                Function 00407790 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43processCOMMON
                                Download Yara Rule
                                APIs
                                • CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 004077D6
                                • CloseHandle.KERNEL32(?), ref: 004077E5
                                • CloseHandle.KERNEL32(?), ref: 004077EA
                                Strings
                                • /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 004077CC
                                • C:\Windows\System32\cmd.exe, xrefs: 004077D1
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseHandle$CreateProcess
                                • String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe
                                • API String ID: 2922976086-4183131282
                                • Opcode ID: c38a1c4fbaf06b70ee3143182280ce63ac5342037887d892980c2b2f1eb259a7
                                • Instruction ID: 1887ccd63cb29ce90d3c4a9dee080bc6fb52b3336ad705aa4023eed0db3a7680
                                • Opcode Fuzzy Hash: c38a1c4fbaf06b70ee3143182280ce63ac5342037887d892980c2b2f1eb259a7
                                • Instruction Fuzzy Hash: 04F09672D4029C76CB20ABD7AC0EEDF7F3CEBC5B11F00051AF904A2045DA745400CAB5
                                Function 004433DA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0044338B,00000000,?,0044332B,00000000,0046E958,0000000C,00443482,00000000,00000002), ref: 004433FA
                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0044340D
                                • FreeLibrary.KERNEL32(00000000,?,?,?,0044338B,00000000,?,0044332B,00000000,0046E958,0000000C,00443482,00000000,00000002), ref: 00443430
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressFreeHandleLibraryModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 4061214504-1276376045
                                • Opcode ID: ffd65e2a986ef432bd98aae630379cdfc9b477bc787d361fad657d5437817096
                                • Instruction ID: d7bd46dfab834bb5d48edea7818df211002af85bf4a2e706b61bd78119be3437
                                • Opcode Fuzzy Hash: ffd65e2a986ef432bd98aae630379cdfc9b477bc787d361fad657d5437817096
                                • Instruction Fuzzy Hash: 4EF04931900208FBDB159F65DC45B9EBF74EF04753F0040A5F805A2251DB758E40CA99
                                Function 004050E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00474F08,00404E7A,00000001,?,00000000,00474F08,00404CA8,00000000,?,?,00000000), ref: 00405120
                                • SetEvent.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000), ref: 0040512C
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00474F08,00404CA8,00000000,?,?,00000000), ref: 00405137
                                • CloseHandle.KERNEL32(?,?,00000000,00474F08,00404CA8,00000000,?,?,00000000), ref: 00405140
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
                                • String ID: KeepAlive | Disabled
                                • API String ID: 2993684571-305739064
                                • Opcode ID: 260c2b08e01b5d66b359e99273a0c89895ec309b6af50f33d4504d26b953d9d7
                                • Instruction ID: dc79248355977efa3495ea8e96f68553e1f2867eb32bbe7dc6984d352a193ca4
                                • Opcode Fuzzy Hash: 260c2b08e01b5d66b359e99273a0c89895ec309b6af50f33d4504d26b953d9d7
                                • Instruction Fuzzy Hash: 5DF06D71904711BBDB203B758D0AAAB7E95AB06315F0009BEF982916E2D6798C408F9A
                                Function 0041AE51 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30sleepCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 0041AE83
                                • PlaySoundW.WINMM(00000000,00000000), ref: 0041AE91
                                • Sleep.KERNEL32(00002710), ref: 0041AE98
                                • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 0041AEA1
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: PlaySound$HandleLocalModuleSleepTime
                                • String ID: Alarm triggered
                                • API String ID: 614609389-2816303416
                                • Opcode ID: fc1dfc3d80636db02bd80d67f349f84282c1adb2487fd06cf6dad27e320cdf65
                                • Instruction ID: 264e31dd7f8ae4a58c3cd97330858728e5483d82e525179ed11d996d756d41c5
                                • Opcode Fuzzy Hash: fc1dfc3d80636db02bd80d67f349f84282c1adb2487fd06cf6dad27e320cdf65
                                • Instruction Fuzzy Hash: 3EE0D826A40220779A10337B6D0FD6F3D29CAC3B2570100BFFA05660C2DD540C01C6FB
                                Function 0041CDE9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • GetStdHandle.KERNEL32(000000F5,00000000,?,?,?,?,?,?,0041CE7E), ref: 0041CDF3
                                • GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?,?,?,?,?,?,0041CE7E), ref: 0041CE00
                                • SetConsoleTextAttribute.KERNEL32(00000000,0000000C,?,?,?,?,?,?,0041CE7E), ref: 0041CE0D
                                • SetConsoleTextAttribute.KERNEL32(00000000,?,?,?,?,?,?,?,0041CE7E), ref: 0041CE20
                                Strings
                                • ______ (_____ \ _____) )_____ ____ ____ ___ ___ | __ /| ___ | \ / ___) _ \ /___)| | \ \| ____| | | ( (__| |_| |___ ||_| |_|_____)_|_|_|\____)___/(___/ , xrefs: 0041CE13
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Console$AttributeText$BufferHandleInfoScreen
                                • String ID: ______ (_____ \ _____) )_____ ____ ____ ___ ___ | __ /| ___ | \ / ___) _ \ /___)| | \ \| ____| | | ( (__| |_| |___ ||_| |_|_____)_|_|_|\____)___/(___/
                                • API String ID: 3024135584-2418719853
                                • Opcode ID: e39debb9b2b39d29e793f9bd33498d8add4ef2108ba1fa2e7e75c33182c8a1d6
                                • Instruction ID: 3099d3b49c49d1df3d44327ff87017ee7d1b0803ff7cdb2815dc6b7c28d9377e
                                • Opcode Fuzzy Hash: e39debb9b2b39d29e793f9bd33498d8add4ef2108ba1fa2e7e75c33182c8a1d6
                                • Instruction Fuzzy Hash: B6E04872504315E7E31027B5EC4DCAB7B7CE745613B100266FA16915D39A749C41C6B5
                                Function 004413EA Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3500d967bf213ad3b95b014004bc41782de99095ad53c5e0f3d0147f9504bf37
                                • Instruction ID: 15e211ccade7fc2a5debfa8ad78d9bfa955d5b29a73147504924d067d3782226
                                • Opcode Fuzzy Hash: 3500d967bf213ad3b95b014004bc41782de99095ad53c5e0f3d0147f9504bf37
                                • Instruction Fuzzy Hash: 2771D4319012569BEB21CF55C884AFFBB75EF55310F19412BE815672A0DB78CCC1CBA8
                                Function 004493E5 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045F244), ref: 0044944F
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00472764,000000FF,00000000,0000003F,00000000,?,?), ref: 004494C7
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,004727B8,000000FF,?,0000003F,00000000,?), ref: 004494F4
                                • _free.LIBCMT ref: 0044943D
                                  • Part of subcall function 00446802: HeapFree.KERNEL32(00000000,00000000,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?), ref: 00446818
                                  • Part of subcall function 00446802: GetLastError.KERNEL32(?,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?,?), ref: 0044682A
                                • _free.LIBCMT ref: 00449609
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                • String ID:
                                • API String ID: 1286116820-0
                                • Opcode ID: 5cd2e88b37ead4a53a3ad7e2b8222e2e62bf3e8d34a7aba608fbabac987024fa
                                • Instruction ID: 45cf5ea20785abb2a7eec221213eb08c1b8584214e6df16efc40294c4842d026
                                • Opcode Fuzzy Hash: 5cd2e88b37ead4a53a3ad7e2b8222e2e62bf3e8d34a7aba608fbabac987024fa
                                • Instruction Fuzzy Hash: 1B51EC71900205ABEB14EF69DD819AFB7B8EF44724F20066FE418D3291EB789D41DB58
                                Function 0040F938 Relevance: 7.6, APIs: 5, Instructions: 132processCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041C048: GetCurrentProcess.KERNEL32(?,?,?,0040DAE5,WinDir,00000000,00000000), ref: 0041C059
                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040F956
                                • Process32FirstW.KERNEL32(00000000,?), ref: 0040F97A
                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040F989
                                • CloseHandle.KERNEL32(00000000), ref: 0040FB40
                                  • Part of subcall function 0041C076: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,0040F634,00000000,?,?,00475348), ref: 0041C08B
                                  • Part of subcall function 0041C26E: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C286
                                  • Part of subcall function 0041C26E: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C299
                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040FB31
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$OpenProcess32$Next$CloseCreateCurrentFirstHandleSnapshotToolhelp32
                                • String ID:
                                • API String ID: 4269425633-0
                                • Opcode ID: db79130361b4b0464cab85a352f134925f668321788b49065da1d952b70fcd3f
                                • Instruction ID: 39de0d33b69ea9088fa68d935cf3ef43cf04ff0480c7130c1a021fac56d243da
                                • Opcode Fuzzy Hash: db79130361b4b0464cab85a352f134925f668321788b49065da1d952b70fcd3f
                                • Instruction Fuzzy Hash: 8D4136311083419BC325F722DC51AEFB3A5AF94305F50493EF58A921E2EF385A49C65A
                                Function 00443E99 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free
                                • String ID:
                                • API String ID: 269201875-0
                                • Opcode ID: 1c82e8231a1e7df7fc61a9fb39ee41d92c56425fa3e393906510b0ca3dcf776a
                                • Instruction ID: bbec49e9ccdd5c2af131aecc9b6810ea24321c3eb42f74c08fbdd36582e243a3
                                • Opcode Fuzzy Hash: 1c82e8231a1e7df7fc61a9fb39ee41d92c56425fa3e393906510b0ca3dcf776a
                                • Instruction Fuzzy Hash: 5F41E232E00200AFEB14DF78C881A5EB3B5EF89B18F1545AEE915EB351D735AE05CB84
                                Function 004511AC Relevance: 7.6, APIs: 5, Instructions: 110COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0043F918,?,00000000,?,00000001,?,?,00000001,0043F918,?), ref: 004511F9
                                • __alloca_probe_16.LIBCMT ref: 00451231
                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00451282
                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0043AF04,?), ref: 00451294
                                • __freea.LIBCMT ref: 0045129D
                                  • Part of subcall function 004461B8: RtlAllocateHeap.NTDLL(00000000,00435349,?,?,004388C7,?,?,00000000,00476B60,?,0040DE9D,00435349,?,?,?,?), ref: 004461EA
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                • String ID:
                                • API String ID: 313313983-0
                                • Opcode ID: 9f5a2a67851111230ceb537eb1b7ccf29ba8faad681cfee17df3cfbc13bcf043
                                • Instruction ID: f723c28c07ecd650b398e20bb728631ced1c531215915adb10fa1f31571a6cea
                                • Opcode Fuzzy Hash: 9f5a2a67851111230ceb537eb1b7ccf29ba8faad681cfee17df3cfbc13bcf043
                                • Instruction Fuzzy Hash: F7310331A0020AABDF249F65DC41EAF7BA5EB04701F0445AAFC08E72A2E739CC55CB94
                                Function 0044F3DA Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                Download Yara Rule
                                APIs
                                • GetEnvironmentStringsW.KERNEL32 ref: 0044F3E3
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044F406
                                  • Part of subcall function 004461B8: RtlAllocateHeap.NTDLL(00000000,00435349,?,?,004388C7,?,?,00000000,00476B60,?,0040DE9D,00435349,?,?,?,?), ref: 004461EA
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044F42C
                                • _free.LIBCMT ref: 0044F43F
                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044F44E
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                • String ID:
                                • API String ID: 336800556-0
                                • Opcode ID: 7d1f56057eec42b9e44eaca7954531e52edb8e618f6c0f5134274d299c642649
                                • Instruction ID: b6d7bf627ac8e1e23e8e90154f8049d5dc13ee9613ce4caf203d647ba434722a
                                • Opcode Fuzzy Hash: 7d1f56057eec42b9e44eaca7954531e52edb8e618f6c0f5134274d299c642649
                                • Instruction Fuzzy Hash: 2401DF72602721BF37211ABB5C8DC7F6AACDEC6FA5355013AFD04D2202DE688D0691B9
                                Function 0041C482 Relevance: 7.6, APIs: 5, Instructions: 67fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNEL32(00000004,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000004,00000000,0041C5A1,00000000,00000000,00000000), ref: 0041C4C1
                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,00000004,00000000,0041C5A1,00000000,00000000), ref: 0041C4DE
                                • CloseHandle.KERNEL32(00000000,?,00000004,00000000,0041C5A1,00000000,00000000), ref: 0041C4EA
                                • WriteFile.KERNEL32(00000000,00000000,00000000,00406FC0,00000000,?,00000004,00000000,0041C5A1,00000000,00000000), ref: 0041C4FB
                                • CloseHandle.KERNEL32(00000000,?,00000004,00000000,0041C5A1,00000000,00000000), ref: 0041C508
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseHandle$CreatePointerWrite
                                • String ID:
                                • API String ID: 1852769593-0
                                • Opcode ID: 03b5af7f289a82a83928ea742180afc1da621273c2f808e1c0dcbcf6c59c1bfa
                                • Instruction ID: 0233a984b642d2e84dd4fc2cab076f06cd7f632185dc4648213adf39284592b7
                                • Opcode Fuzzy Hash: 03b5af7f289a82a83928ea742180afc1da621273c2f808e1c0dcbcf6c59c1bfa
                                • Instruction Fuzzy Hash: 6311E571288215BFE7104A24ACC8EBB739CEB46365F10862BF912D22D0C624DC418639
                                Function 00448319 Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetLastError.KERNEL32(?,00000000,?,0043BCD6,00000000,?,?,0043BD5A,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0044831E
                                • _free.LIBCMT ref: 00448353
                                • _free.LIBCMT ref: 0044837A
                                • SetLastError.KERNEL32(00000000), ref: 00448387
                                • SetLastError.KERNEL32(00000000), ref: 00448390
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLast$_free
                                • String ID:
                                • API String ID: 3170660625-0
                                • Opcode ID: 9e58827e066efea2178fd81b79d5a13276d1a5d22b614d366fbfb6265f5784d7
                                • Instruction ID: 5af5a014564f127a9d6b3613d5887cb4baea3ca98ff5bc54bcf39f1731b7af1a
                                • Opcode Fuzzy Hash: 9e58827e066efea2178fd81b79d5a13276d1a5d22b614d366fbfb6265f5784d7
                                • Instruction Fuzzy Hash: 3401F936100B006BB7117A2A5C45E6F3259DBD2B75B35093FFD1892292EF7ECC02812D
                                Function 00450A3C Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 00450A54
                                  • Part of subcall function 00446802: HeapFree.KERNEL32(00000000,00000000,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?), ref: 00446818
                                  • Part of subcall function 00446802: GetLastError.KERNEL32(?,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?,?), ref: 0044682A
                                • _free.LIBCMT ref: 00450A66
                                • _free.LIBCMT ref: 00450A78
                                • _free.LIBCMT ref: 00450A8A
                                • _free.LIBCMT ref: 00450A9C
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 776569668-0
                                • Opcode ID: 3215379f381551316c6ac489d477ac1f9e59373460363398d28d4bb450e902e5
                                • Instruction ID: 72fff71e7c38304dd33e0b5962bcef44c8ad6e5fbb3f6de42623dcf71f8de19c
                                • Opcode Fuzzy Hash: 3215379f381551316c6ac489d477ac1f9e59373460363398d28d4bb450e902e5
                                • Instruction Fuzzy Hash: F7F012765053006B9620EB5DE883C1773D9EA157117A68C1BF549DB652C778FCC0866C
                                Function 004440E8 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                Download Yara Rule
                                APIs
                                • _free.LIBCMT ref: 00444106
                                  • Part of subcall function 00446802: HeapFree.KERNEL32(00000000,00000000,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?), ref: 00446818
                                  • Part of subcall function 00446802: GetLastError.KERNEL32(?,?,00450CEF,?,00000000,?,00000000,?,00450F93,?,00000007,?,?,004514DE,?,?), ref: 0044682A
                                • _free.LIBCMT ref: 00444118
                                • _free.LIBCMT ref: 0044412B
                                • _free.LIBCMT ref: 0044413C
                                • _free.LIBCMT ref: 0044414D
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 776569668-0
                                • Opcode ID: d22801927142449f45bafb541f3c6c05cfc56c6a25697691e9266b530bc09d46
                                • Instruction ID: 0e9c2896d1a2baf17e4b980eca3efa8a556ca0a6e45d827b59e8921ed08f8926
                                • Opcode Fuzzy Hash: d22801927142449f45bafb541f3c6c05cfc56c6a25697691e9266b530bc09d46
                                • Instruction Fuzzy Hash: 91F03AB18025208FA731AF2DBD528053BA1A705720356853BF40C62A71C7B849C2DFDF
                                Function 00417627 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 182threadwindowCOMMON
                                Download Yara Rule
                                APIs
                                • GetWindowThreadProcessId.USER32(?,?), ref: 0041763E
                                • GetWindowTextW.USER32(?,?,0000012C), ref: 00417670
                                • IsWindowVisible.USER32(?), ref: 00417677
                                  • Part of subcall function 0041C26E: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C286
                                  • Part of subcall function 0041C26E: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C299
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ProcessWindow$Open$TextThreadVisible
                                • String ID: (VG
                                • API String ID: 3142014140-3443974315
                                • Opcode ID: 7e572b315b2ecefe35e30865a6849592f1677189f3bed39c221b32fb02a916d3
                                • Instruction ID: 57afc706987f0d359dfa573bc041c79e98ae29994c94316b8148008c339bd05b
                                • Opcode Fuzzy Hash: 7e572b315b2ecefe35e30865a6849592f1677189f3bed39c221b32fb02a916d3
                                • Instruction Fuzzy Hash: 6E7109311082419AC365FB22D8959EFB3E5BFD4308F50493FF18A560E5EF746A49CB8A
                                Function 00413A90 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 00413AF7
                                • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000104,00000000,?,?,?,?), ref: 00413B26
                                • RegEnumValueW.ADVAPI32(?,00000000,?,00003FFF,00000000,?,?,00002710,?,?,?,?,?,?,?,?), ref: 00413BC6
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Enum$InfoQueryValue
                                • String ID: [regsplt]
                                • API String ID: 3554306468-4262303796
                                • Opcode ID: 6209f9adf3ebd54435f0d7a716eb47a0d81ae306c6dd88b89f6c65b2c0b42e3c
                                • Instruction ID: fa843d34e07254c46a29a5d4d7bbb73928c81f50e0ccc4a220fcc0531dc04ae2
                                • Opcode Fuzzy Hash: 6209f9adf3ebd54435f0d7a716eb47a0d81ae306c6dd88b89f6c65b2c0b42e3c
                                • Instruction Fuzzy Hash: DF512C72900219AADB11EB95DC86EEEB77DAF04304F1000BAE505F6191EF746B48CBA9
                                Function 0044E769 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON
                                Download Yara Rule
                                APIs
                                • _strpbrk.LIBCMT ref: 0044E7B8
                                • _free.LIBCMT ref: 0044E8D5
                                  • Part of subcall function 0043BD68: IsProcessorFeaturePresent.KERNEL32(00000017,0043BD3A,?,?,?,?,?,00000000,?,?,0043BD5A,00000000,00000000,00000000,00000000,00000000), ref: 0043BD6A
                                  • Part of subcall function 0043BD68: GetCurrentProcess.KERNEL32(C0000417), ref: 0043BD8C
                                  • Part of subcall function 0043BD68: TerminateProcess.KERNEL32(00000000), ref: 0043BD93
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                • String ID: *?$.
                                • API String ID: 2812119850-3972193922
                                • Opcode ID: 425935087bf6a06ef5f668eca0c2840133b7cce1b1476d2e54c501535b2ee598
                                • Instruction ID: bbc13fc8ee10fdca904a4e9292213e09ebfa005f106ef5a16faeda3ce4fd08f7
                                • Opcode Fuzzy Hash: 425935087bf6a06ef5f668eca0c2840133b7cce1b1476d2e54c501535b2ee598
                                • Instruction Fuzzy Hash: C251B175E00209AFEF14DFAAC881AAEF7B5FF58314F24416EE844E7341E6399A018B54
                                Function 004434D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\NEW ORDER- 4788467.exe,00000104), ref: 00443515
                                • _free.LIBCMT ref: 004435E0
                                • _free.LIBCMT ref: 004435EA
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free$FileModuleName
                                • String ID: C:\Users\user\Desktop\NEW ORDER- 4788467.exe
                                • API String ID: 2506810119-4109646631
                                • Opcode ID: 85df99244543f45e80e68b9da345e50485f416d8f0a3fa02bb076d818d98866e
                                • Instruction ID: e5efe6401a3e5f1db0e1141fbbc5a3d1caea7301f6195c2e8eaff0a3f5655f7e
                                • Opcode Fuzzy Hash: 85df99244543f45e80e68b9da345e50485f416d8f0a3fa02bb076d818d98866e
                                • Instruction Fuzzy Hash: D63193B1A00254BFEB21DF9A998199EBBF8EB84B15F10406BF40597311D6B88F41CB99
                                Function 0040404C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93sleepCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00404066
                                  • Part of subcall function 0041BA09: GetCurrentProcessId.KERNEL32(00000000,?,?,?,?,?,?,0040407C), ref: 0041BA30
                                  • Part of subcall function 004185A3: CloseHandle.KERNEL32(004040F5,?,?,004040F5,00465E84), ref: 004185B9
                                  • Part of subcall function 004185A3: CloseHandle.KERNEL32(00465E84,?,?,004040F5,00465E84), ref: 004185C2
                                  • Part of subcall function 0041C516: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C52F
                                • Sleep.KERNEL32(000000FA,00465E84), ref: 00404138
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseFileHandle$CreateCurrentModuleNameProcessSleep
                                • String ID: /sort "Visit Time" /stext "$@NG
                                • API String ID: 368326130-3944316004
                                • Opcode ID: 115d3ed6b1741adb512821b11b245dc659c1e2162bd541144790ef051353569d
                                • Instruction ID: 88307c0d9f74f86904655d2c31cb74d6ebeba16a9e6c7dae8368527950f1c452
                                • Opcode Fuzzy Hash: 115d3ed6b1741adb512821b11b245dc659c1e2162bd541144790ef051353569d
                                • Instruction Fuzzy Hash: EB316171A001195ACB15FBA6DC969ED7375AF90308F00007FF60AB71E2EF785E49CA99
                                Function 0040B783 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00434801: __onexit.LIBCMT ref: 00434807
                                • __Init_thread_footer.LIBCMT ref: 0040B7D2
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Init_thread_footer__onexit
                                • String ID: [End of clipboard]$[Text copied to clipboard]$ mG
                                • API String ID: 1881088180-2322839566
                                • Opcode ID: 811cdfe000e459d503bb944029386f8ceaa377eb4ffdcb54278a65b681284296
                                • Instruction ID: 5c7e69c9d376070a9f10adc198010d279a990252db190bacd7f595afc81a80c0
                                • Opcode Fuzzy Hash: 811cdfe000e459d503bb944029386f8ceaa377eb4ffdcb54278a65b681284296
                                • Instruction Fuzzy Hash: B5216D31A102198ACB14FBA6D8929EDB375AF54318F10403FE506771E2EF7C6D4ACA8C
                                Function 0040C627 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0040C4FE: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000), ref: 0040C531
                                • PathFileExistsW.SHLWAPI(00000000), ref: 0040C658
                                • PathFileExistsW.SHLWAPI(00000000,-00000011,?,00000000,00000000), ref: 0040C6C3
                                Strings
                                • User Data\Profile ?\Network\Cookies, xrefs: 0040C670
                                • User Data\Default\Network\Cookies, xrefs: 0040C63E
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExistsFilePath
                                • String ID: User Data\Default\Network\Cookies$User Data\Profile ?\Network\Cookies
                                • API String ID: 1174141254-1980882731
                                • Opcode ID: 8e16928b384ae0ce72e815ae57c22294848a02c61a8a71f4ba9d785bccdf6d95
                                • Instruction ID: a3c4a2fc075df05cc4efb8d324c4514c6f5a9a9113215be8183f294a60e8cc46
                                • Opcode Fuzzy Hash: 8e16928b384ae0ce72e815ae57c22294848a02c61a8a71f4ba9d785bccdf6d95
                                • Instruction Fuzzy Hash: 0621E27190011A96CB14FBA2DC96DEEBB7CAE50319B40053FF506B31D2EF789946C6D8
                                Function 0040C6F6 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0040C561: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000), ref: 0040C594
                                • PathFileExistsW.SHLWAPI(00000000), ref: 0040C727
                                • PathFileExistsW.SHLWAPI(00000000,-00000011,?,00000000,00000000), ref: 0040C792
                                Strings
                                • User Data\Profile ?\Network\Cookies, xrefs: 0040C73F
                                • User Data\Default\Network\Cookies, xrefs: 0040C70D
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExistsFilePath
                                • String ID: User Data\Default\Network\Cookies$User Data\Profile ?\Network\Cookies
                                • API String ID: 1174141254-1980882731
                                • Opcode ID: 3001d16f89ba5f9bfed8131fc8dfd9e41104078c7e185fc4d6da829b92f4ee01
                                • Instruction ID: 531025beeaae0c5c42121d483a56170e39db3028f8febaf9efde6b64dfa31b71
                                • Opcode Fuzzy Hash: 3001d16f89ba5f9bfed8131fc8dfd9e41104078c7e185fc4d6da829b92f4ee01
                                • Instruction Fuzzy Hash: 4821127190011A96CB04F7A2DC96CEEBB78AE50359B40013FF506B31D2EF789946C6D8
                                Function 0040A1B4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70threadCOMMON
                                Download Yara Rule
                                APIs
                                • CreateThread.KERNEL32(00000000,00000000,0040A2B8,00475100,00000000,00000000), ref: 0040A239
                                • CreateThread.KERNEL32(00000000,00000000,0040A2A2,00475100,00000000,00000000), ref: 0040A249
                                • CreateThread.KERNEL32(00000000,00000000,0040A2C4,00475100,00000000,00000000), ref: 0040A255
                                  • Part of subcall function 0040B19F: GetLocalTime.KERNEL32(?,Offline Keylogger Started,00475100), ref: 0040B1AD
                                  • Part of subcall function 0040B19F: wsprintfW.USER32 ref: 0040B22E
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateThread$LocalTimewsprintf
                                • String ID: Offline Keylogger Started
                                • API String ID: 465354869-4114347211
                                • Opcode ID: aa941b6b780eb50f2f111ff82fee1c60cdd0ed452bf655484a5542b8935c980e
                                • Instruction ID: fa9a7328340dc7f48b0d085764b542104813bfc3ea66268f7111ac5d0199d402
                                • Opcode Fuzzy Hash: aa941b6b780eb50f2f111ff82fee1c60cdd0ed452bf655484a5542b8935c980e
                                • Instruction Fuzzy Hash: 1111ABB12003187ED210BB368C87CBB765DDA4139CB40057FF946221C2EA795D14CAFB
                                Function 0040AF29 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65threadCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0040B19F: GetLocalTime.KERNEL32(?,Offline Keylogger Started,00475100), ref: 0040B1AD
                                  • Part of subcall function 0040B19F: wsprintfW.USER32 ref: 0040B22E
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                • CreateThread.KERNEL32(00000000,00000000,0040A2A2,?,00000000,00000000), ref: 0040AFA9
                                • CreateThread.KERNEL32(00000000,00000000,0040A2C4,?,00000000,00000000), ref: 0040AFB5
                                • CreateThread.KERNEL32(00000000,00000000,0040A2D0,?,00000000,00000000), ref: 0040AFC1
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateThread$LocalTime$wsprintf
                                • String ID: Online Keylogger Started
                                • API String ID: 112202259-1258561607
                                • Opcode ID: 1642843c4aeb719f804d1b1faf349d7b90b73fbf07dec7ef3d168b84b43abf66
                                • Instruction ID: 1fd114496b08e8c1d91a2f23279a740fccf8855fe00c80ef0b78f2cd7c44f0e8
                                • Opcode Fuzzy Hash: 1642843c4aeb719f804d1b1faf349d7b90b73fbf07dec7ef3d168b84b43abf66
                                • Instruction Fuzzy Hash: 2A01C4A07003193EE62076368C8BDBF7A6DCA91398F4004BFF641362C2E97D1C1586FA
                                Function 00404F51 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58timethreadCOMMON
                                Download Yara Rule
                                APIs
                                • GetLocalTime.KERNEL32(?), ref: 00404F81
                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00404FCD
                                • CreateThread.KERNEL32(00000000,00000000,00405150,?,00000000,00000000), ref: 00404FE0
                                Strings
                                • KeepAlive | Enabled | Timeout: , xrefs: 00404F94
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Create$EventLocalThreadTime
                                • String ID: KeepAlive | Enabled | Timeout:
                                • API String ID: 2532271599-1507639952
                                • Opcode ID: 265870ca6a49f1cfdf3a79916e036cd98acee69504672a74e3c9871262499b03
                                • Instruction ID: 4df055e7b18788cc2e6f6b282d58d8d1f041b9f055d7d752625e2c9c7705ec55
                                • Opcode Fuzzy Hash: 265870ca6a49f1cfdf3a79916e036cd98acee69504672a74e3c9871262499b03
                                • Instruction Fuzzy Hash: D7110A71900385BAC720A7779C0DEABBFACDBD2714F04046FF54162291D6B89445CBBA
                                Function 00406A9E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryA.KERNEL32(crypt32,CryptUnprotectData), ref: 00406ABD
                                • GetProcAddress.KERNEL32(00000000), ref: 00406AC4
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID: CryptUnprotectData$crypt32
                                • API String ID: 2574300362-2380590389
                                • Opcode ID: b88f03605d096aaa2152f3ebf69acb5fe9b1e31435291808458d2189a413eed3
                                • Instruction ID: 345ee013d26fc91f442c93551971226c597518e80cf45168a44a65f4e30a47e9
                                • Opcode Fuzzy Hash: b88f03605d096aaa2152f3ebf69acb5fe9b1e31435291808458d2189a413eed3
                                • Instruction Fuzzy Hash: 1D01F575A00215BBCB18CFAC8C409AF7BB8EB85300F0041BEE94AE3381DA34AD00CB94
                                Function 0040515C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46synchronizationCOMMON
                                Download Yara Rule
                                APIs
                                • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00405159), ref: 00405173
                                • CloseHandle.KERNEL32(?), ref: 004051CA
                                • SetEvent.KERNEL32(?), ref: 004051D9
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseEventHandleObjectSingleWait
                                • String ID: Connection Timeout
                                • API String ID: 2055531096-499159329
                                • Opcode ID: f68205fbbd132f7411d12c93b7f65b2f09768eee2fc5ae5d8c71895408bf9877
                                • Instruction ID: 0252d74fe4ede7253ae2eff4a1d35319ac7a80acec65437dc80477e116da68d3
                                • Opcode Fuzzy Hash: f68205fbbd132f7411d12c93b7f65b2f09768eee2fc5ae5d8c71895408bf9877
                                • Instruction Fuzzy Hash: 4A01F530A40F00AFD7216F368D8642BBFE0EB00306704093FE68356AE2D6789800CF89
                                Function 0040E800 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45COMMON
                                Download Yara Rule
                                APIs
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040E86E
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Exception@8Throw
                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                • API String ID: 2005118841-1866435925
                                • Opcode ID: e1bdae5122e534e22181349a294e5dd283a76e5484cb2b4dd901af9da0e19607
                                • Instruction ID: 287a1f786264602a2f100ba68ee8cd07dacd1bfc9ef62352ff5e55a88b78f620
                                • Opcode Fuzzy Hash: e1bdae5122e534e22181349a294e5dd283a76e5484cb2b4dd901af9da0e19607
                                • Instruction Fuzzy Hash: 59018F626583087AEB14B697CC03FBA33685B10708F10CC3BBD01765C2EA7D6A61C66F
                                Function 0040DFE1 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                Download Yara Rule
                                APIs
                                • std::_Lockit::_Lockit.LIBCPMT ref: 0040DFEC
                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040E02B
                                  • Part of subcall function 004356CD: _Yarn.LIBCPMT ref: 004356EC
                                  • Part of subcall function 004356CD: _Yarn.LIBCPMT ref: 00435710
                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0040E051
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
                                • String ID: bad locale name
                                • API String ID: 3628047217-1405518554
                                • Opcode ID: 0e967f5f4c551f764c071b3c3fecd2d0a166eebc37c8bba363630da575d49789
                                • Instruction ID: 7f9ccd90240ef42149755af47b5df127ed13e8783c268b42739d505c0e35a915
                                • Opcode Fuzzy Hash: 0e967f5f4c551f764c071b3c3fecd2d0a166eebc37c8bba363630da575d49789
                                • Instruction Fuzzy Hash: 77F08131544A085AC338FA62D863DDA73B49F14358F50457FB406268D2EF78BA0CCA9D
                                Function 004137AA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegCreateKeyA.ADVAPI32(80000001,Control Panel\Desktop,0046612C), ref: 004137B9
                                • RegSetValueExA.ADVAPI32(0046612C,?,00000000,?,00000000,00000000,Control Panel\Desktop,?,?,0041CB42,WallpaperStyle,0046612C,00000001,00474EF0,00000000), ref: 004137E1
                                • RegCloseKey.ADVAPI32(0046612C,?,?,0041CB42,WallpaperStyle,0046612C,00000001,00474EF0,00000000,?,00408798,00000001), ref: 004137EC
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseCreateValue
                                • String ID: Control Panel\Desktop
                                • API String ID: 1818849710-27424756
                                • Opcode ID: 6030d9855dac89f4cd46f7f8c789974497344dcf9873e73d86c3d4cdefa30cde
                                • Instruction ID: b09b06e14e5a963f4ed757ac8f346f2723baee7be417271cc0de3610a50c6458
                                • Opcode Fuzzy Hash: 6030d9855dac89f4cd46f7f8c789974497344dcf9873e73d86c3d4cdefa30cde
                                • Instruction Fuzzy Hash: A4F06272500218FBDF00AFA1DC45DEA376CEF04751F108566FD1AA61A1DB359E14DB54
                                Function 00416C68 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33threadCOMMON
                                Download Yara Rule
                                APIs
                                • CreateThread.KERNEL32(00000000,00000000,Function_0001D4EE,00000000,00000000,00000000), ref: 00416C82
                                • ShowWindow.USER32(00000009), ref: 00416C9C
                                • SetForegroundWindow.USER32 ref: 00416CA8
                                  • Part of subcall function 0041CE2C: AllocConsole.KERNEL32(00475348), ref: 0041CE35
                                  • Part of subcall function 0041CE2C: ShowWindow.USER32(00000000,00000000), ref: 0041CE4E
                                  • Part of subcall function 0041CE2C: SetConsoleOutputCP.KERNEL32(000004E4), ref: 0041CE73
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Window$ConsoleShow$AllocCreateForegroundOutputThread
                                • String ID: !D@
                                • API String ID: 3446828153-604454484
                                • Opcode ID: 299c7e2eac24c2f7a13a1ef740d02627241d5152881cd92f93c311e1267b1ee5
                                • Instruction ID: b1493b377ee00385912555b1a5c9642ee05cd41efde33f67b603c236d656be44
                                • Opcode Fuzzy Hash: 299c7e2eac24c2f7a13a1ef740d02627241d5152881cd92f93c311e1267b1ee5
                                • Instruction Fuzzy Hash: 81F03A70148340AAD720AF65ED55BBABB69EB54301F01487BFA09C20F2DB389C94869E
                                Function 00416129 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 0041616B
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExecuteShell
                                • String ID: /C $cmd.exe$open
                                • API String ID: 587946157-3896048727
                                • Opcode ID: ba5b8ac7040460dc6065eceb26c8d4705fa8e3e7fffb1ef49e463b9dc02157a1
                                • Instruction ID: 08f4dee505367bf09000beb2be63de5ecd082ae46aa0e0363999309db21c3e05
                                • Opcode Fuzzy Hash: ba5b8ac7040460dc6065eceb26c8d4705fa8e3e7fffb1ef49e463b9dc02157a1
                                • Instruction Fuzzy Hash: 5EE0C0B0204305ABC605F675DC96CBF73ADAA94749B50483F7142A20E2EF7C9D49C65D
                                Function 0040140A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleA.KERNEL32(User32.dll,GetCursorInfo), ref: 00401414
                                • GetProcAddress.KERNEL32(00000000), ref: 0040141B
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressHandleModuleProc
                                • String ID: GetCursorInfo$User32.dll
                                • API String ID: 1646373207-2714051624
                                • Opcode ID: 614bc808d894a367532beb2bc66ad03cac91d94fb46ece2cb469b05dff719b88
                                • Instruction ID: dd969ba971dbaa29921178884ad428293cf5128bfb63f122c38d39e9abecacc1
                                • Opcode Fuzzy Hash: 614bc808d894a367532beb2bc66ad03cac91d94fb46ece2cb469b05dff719b88
                                • Instruction Fuzzy Hash: 3EB09B74541740FB8F102B745D4D5153525A604703B100475F041D6151D7B584009A1E
                                Function 004014AF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
                                Download Yara Rule
                                APIs
                                • LoadLibraryA.KERNEL32(User32.dll,GetLastInputInfo), ref: 004014B9
                                • GetProcAddress.KERNEL32(00000000), ref: 004014C0
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID: GetLastInputInfo$User32.dll
                                • API String ID: 2574300362-1519888992
                                • Opcode ID: 18b660a6896881f55a37715fd795c0b5131e5868884107d4762215e755f28e2f
                                • Instruction ID: c0691e7ba4e037ba5be4177d0f13c81de84985c40ff74287bb3597843e96be7a
                                • Opcode Fuzzy Hash: 18b660a6896881f55a37715fd795c0b5131e5868884107d4762215e755f28e2f
                                • Instruction Fuzzy Hash: 5FB092B8580340FBCB002BA0AD4E91E3A64AA18703B1008ABF041D21A1EBB888009F2F
                                Function 0044A084 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: __alldvrm$_strrchr
                                • String ID:
                                • API String ID: 1036877536-0
                                • Opcode ID: 8f78adc186be73fa66820e99e070c83f6be0ee509df7c4dfd67e0dde8c439993
                                • Instruction ID: 8ce1af842cd152cb2b2428f5d584a25f6c9224aafe101b92c03b71ca88d34985
                                • Opcode Fuzzy Hash: 8f78adc186be73fa66820e99e070c83f6be0ee509df7c4dfd67e0dde8c439993
                                • Instruction Fuzzy Hash: 87A156729846829FF721CF58C8817AEBBA5FF15314F2841AFE8859B381D27C8C51C75A
                                Function 00456C9A Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _free
                                • String ID:
                                • API String ID: 269201875-0
                                • Opcode ID: 5a84445a6d60efe319971740dde2d2f541f568e0726df331b0a843d8179482b0
                                • Instruction ID: 6f8591e81a910498abf0b0e408487d1c0faf04506bf4bd3dd9e850377c22d226
                                • Opcode Fuzzy Hash: 5a84445a6d60efe319971740dde2d2f541f568e0726df331b0a843d8179482b0
                                • Instruction Fuzzy Hash: 34413931B00104AAEB207B7A9C4666F3AB5DF45735F570A1FFD28C7293DA7C481D426A
                                Function 00442851 Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 423e02715d989b220add50ecbde53982322c6e48bca96a6cd7fe69295545b5c8
                                • Instruction ID: b0a34e1ed6630e1fb57c9e62860a3601010315cd62f19612bff23542d182db60
                                • Opcode Fuzzy Hash: 423e02715d989b220add50ecbde53982322c6e48bca96a6cd7fe69295545b5c8
                                • Instruction Fuzzy Hash: 70412AB1600704BFE724AF79CD41B5EBBE8EB88714F10462FF145DB281E3B999058798
                                Function 00404CC3 Relevance: 6.1, APIs: 4, Instructions: 121synchronizationthreadCOMMON
                                Download Yara Rule
                                APIs
                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,000000FF,00000000,?,00474F60), ref: 00404DB3
                                • CreateThread.KERNEL32(00000000,00000000,?,00474F08,00000000,00000000), ref: 00404DC7
                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 00404DD2
                                • CloseHandle.KERNEL32(?,?,00000000), ref: 00404DDB
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                • String ID:
                                • API String ID: 3360349984-0
                                • Opcode ID: 77a6d032992f3495e2e52a01d2ead9a1ebcb79a8041a0f526cc04fc7fe31482d
                                • Instruction ID: 30d48123e17294c38ae6f490953f1b42a5ca81467cb0df1087f173bd09261e59
                                • Opcode Fuzzy Hash: 77a6d032992f3495e2e52a01d2ead9a1ebcb79a8041a0f526cc04fc7fe31482d
                                • Instruction Fuzzy Hash: 684182B1108301AFC714EB62CD55DBFB7EDAFD4314F40093EF992A22E1DB3899098666
                                Function 0040C047 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 103sleepCOMMON
                                Download Yara Rule
                                APIs
                                Strings
                                • Cleared browsers logins and cookies., xrefs: 0040C130
                                • [Cleared browsers logins and cookies.], xrefs: 0040C11F
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Sleep
                                • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.
                                • API String ID: 3472027048-1236744412
                                • Opcode ID: e0c8e38477863af5088d6fe634e6a0ac193c61f6508a68f7b7f24266df6e7c31
                                • Instruction ID: a79ddf3c6a5b8d59d799e992b07df0540e48cd861b142758bc1ef4dabba95ae9
                                • Opcode Fuzzy Hash: e0c8e38477863af5088d6fe634e6a0ac193c61f6508a68f7b7f24266df6e7c31
                                • Instruction Fuzzy Hash: F631A904648381EDD6116BF514967AB7B824E53744F0886BFB8C8273C3DABA4808C75F
                                Function 00412716 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 93sleepCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00413733: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,?,00000208), ref: 0041374F
                                  • Part of subcall function 00413733: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000000), ref: 00413768
                                  • Part of subcall function 00413733: RegCloseKey.ADVAPI32(?), ref: 00413773
                                • Sleep.KERNEL32(00000BB8), ref: 004127B5
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseOpenQuerySleepValue
                                • String ID: HSG$exepath$RG
                                • API String ID: 4119054056-4111122955
                                • Opcode ID: fa4264ab7ee0f56fbb1436d7a8ba00959a1c70ff335175d8111d710f019c8f65
                                • Instruction ID: 7f535f989f64e3217726da85717e45219a172cbdcd35e6ae3f2d68e0f7be43ad
                                • Opcode Fuzzy Hash: fa4264ab7ee0f56fbb1436d7a8ba00959a1c70ff335175d8111d710f019c8f65
                                • Instruction Fuzzy Hash: 1F21D8A1B043042BD604B7365D4AAAF724D8B80358F40897FBA56E73D3EEBD9C45826D
                                Function 0040A564 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 71sleepCOMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0041C5E2: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041C5F2
                                  • Part of subcall function 0041C5E2: GetWindowTextLengthW.USER32(00000000), ref: 0041C5FB
                                  • Part of subcall function 0041C5E2: GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0041C625
                                • Sleep.KERNEL32(000001F4), ref: 0040A5AE
                                • Sleep.KERNEL32(00000064), ref: 0040A638
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Window$SleepText$ForegroundLength
                                • String ID: [ $ ]
                                • API String ID: 3309952895-93608704
                                • Opcode ID: 69f93e903a5a9c6d889e9b85f3e5b234b319eb86257ec0e35b47b15ed479ba79
                                • Instruction ID: 6255842b65d5da3793f092b3f1447ea5db7efb23f61c0c2d19f8aa6a86066f85
                                • Opcode Fuzzy Hash: 69f93e903a5a9c6d889e9b85f3e5b234b319eb86257ec0e35b47b15ed479ba79
                                • Instruction Fuzzy Hash: CB119F315143006BC614BB26CC579AF77A8AB90348F40083FF552661E3EF79AE18869B
                                Function 00443AD3 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcebbc467d131149bede3708c03e30a5933a8f2bf6fa192c1d79c37d30f8ae05
                                • Instruction ID: 2af8e1c260e5220142bf0b5f8a7e988c949d9a3a1697e0ff4d6bcf25ce69da1b
                                • Opcode Fuzzy Hash: fcebbc467d131149bede3708c03e30a5933a8f2bf6fa192c1d79c37d30f8ae05
                                • Instruction Fuzzy Hash: 7E01F2B26093557EFA202E786CC2F67630DCB51FBAB31033BB520612D2DB68DD40452C
                                Function 00443B52 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d36049e99d51c5662ea1cdccde7f001ca18baa555cb14a41c95be32ad22d597f
                                • Instruction ID: 437de9af4247593539f95cdbb70b1dc5411192884b5f12beac7b10196549b189
                                • Opcode Fuzzy Hash: d36049e99d51c5662ea1cdccde7f001ca18baa555cb14a41c95be32ad22d597f
                                • Instruction Fuzzy Hash: CB01ADB26096527ABA202E796CC5E27634CDB42BBA335037BF821512E3DF68DE054169
                                Function 004485E6 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,0044858D,?,00000000,00000000,00000000,?,004488B9,00000006,FlsSetValue), ref: 00448618
                                • GetLastError.KERNEL32(?,0044858D,?,00000000,00000000,00000000,?,004488B9,00000006,FlsSetValue,0045F170,0045F178,00000000,00000364,?,00448367), ref: 00448624
                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0044858D,?,00000000,00000000,00000000,?,004488B9,00000006,FlsSetValue,0045F170,0045F178,00000000), ref: 00448632
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: LibraryLoad$ErrorLast
                                • String ID:
                                • API String ID: 3177248105-0
                                • Opcode ID: 8f9b5e85c90ff7ccd8dc2bf5dda10acfb836c822a6cf5ef36d60eb5c9189937f
                                • Instruction ID: 239c22332ac31c5199b3ba4764290be2907fca328f5d1df1ca03bb1201a614b6
                                • Opcode Fuzzy Hash: 8f9b5e85c90ff7ccd8dc2bf5dda10acfb836c822a6cf5ef36d60eb5c9189937f
                                • Instruction Fuzzy Hash: D401FC32602322EBDB618A78EC4495F7758AF15BA2B22093AF909D3241DF24DC01C6EC
                                Function 0041C516 Relevance: 6.0, APIs: 4, Instructions: 50fileCOMMON
                                Download Yara Rule
                                APIs
                                • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C52F
                                • GetFileSize.KERNEL32(00000000,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C543
                                • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,0040412F,00465E84), ref: 0041C568
                                • CloseHandle.KERNEL32(00000000,?,00000000,0040412F,00465E84), ref: 0041C576
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: File$CloseCreateHandleReadSize
                                • String ID:
                                • API String ID: 3919263394-0
                                • Opcode ID: 253de0e05f1e183a51722a251bf095503662c065c08e6289a01aaeef394dcb57
                                • Instruction ID: 4673af35f3eeaf13de89ae80f5e83caf65f56e40ae5cb47f4621101913e6d1ef
                                • Opcode Fuzzy Hash: 253de0e05f1e183a51722a251bf095503662c065c08e6289a01aaeef394dcb57
                                • Instruction Fuzzy Hash: 50F0C2B1241318BFE6101B25ADC9EBB369DDB866A9F10063EF802A22D1DA698D055139
                                Function 0041C26E Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                • OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C286
                                • OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C299
                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041C2C4
                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041C2CC
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CloseHandleOpenProcess
                                • String ID:
                                • API String ID: 39102293-0
                                • Opcode ID: 86c9f0b933065f30fb7de588293abdcc028dc5bd0d1024c3ead9711c80f94643
                                • Instruction ID: eb9e11a2b0883253d54455b1eb0df9c10e535dd1e95c930e162dea6fb874dde8
                                • Opcode Fuzzy Hash: 86c9f0b933065f30fb7de588293abdcc028dc5bd0d1024c3ead9711c80f94643
                                • Instruction Fuzzy Hash: 2F01F231680215ABD71066949C8AFA7B66C8B84756F0001ABFA08D2292EE74CD81466A
                                Function 004398E3 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • ___BuildCatchObject.LIBVCRUNTIME ref: 004398FA
                                  • Part of subcall function 00439F32: ___AdjustPointer.LIBCMT ref: 00439F7C
                                • _UnwindNestedFrames.LIBCMT ref: 00439911
                                • ___FrameUnwindToState.LIBVCRUNTIME ref: 00439923
                                • CallCatchBlock.LIBVCRUNTIME ref: 00439947
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                • String ID:
                                • API String ID: 2633735394-0
                                • Opcode ID: f1135f3da04ba3a0995d0d42191a6de0eafd24a9b56dad318990318c05e81e44
                                • Instruction ID: 1eef882e9718bbd9a0ab38cd68ce054dbb3f9d4064fa539f417e17899f1f7293
                                • Opcode Fuzzy Hash: f1135f3da04ba3a0995d0d42191a6de0eafd24a9b56dad318990318c05e81e44
                                • Instruction Fuzzy Hash: 38010532000109BBCF125F56CC01EDA3BAAEF5C754F05901AF95865221C3BAE862ABA4
                                Function 0041941E Relevance: 6.0, APIs: 4, Instructions: 43COMMON
                                Download Yara Rule
                                APIs
                                • GetSystemMetrics.USER32(0000004C), ref: 0041942B
                                • GetSystemMetrics.USER32(0000004D), ref: 00419431
                                • GetSystemMetrics.USER32(0000004E), ref: 00419437
                                • GetSystemMetrics.USER32(0000004F), ref: 0041943D
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: MetricsSystem
                                • String ID:
                                • API String ID: 4116985748-0
                                • Opcode ID: 8421f7446e2b2501a8c7f7ac55c2b56c52e48a318564101d3507d6038f1717f6
                                • Instruction ID: fd4820a3fb0c8fcfb80096478546269f04700e3de9cdf271d69d174aa35805c7
                                • Opcode Fuzzy Hash: 8421f7446e2b2501a8c7f7ac55c2b56c52e48a318564101d3507d6038f1717f6
                                • Instruction Fuzzy Hash: 3FF0A4B1B043155BD700EE758C51A6B6ADAEBD4364F10043FF60887281EFB8DC468B84
                                Function 00438FB1 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                Download Yara Rule
                                APIs
                                • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00438FB1
                                • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00438FB6
                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00438FBB
                                  • Part of subcall function 0043A4BA: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0043A4CB
                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00438FD0
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                • String ID:
                                • API String ID: 1761009282-0
                                • Opcode ID: 37419d0d218480942dadea5656795116f0d18a982b1fc86bcd770d00ce79fbb1
                                • Instruction ID: 3a6c9073cd349407f79861cc5a63413a30b4b1af88e8d748f4708d1390bfb410
                                • Opcode Fuzzy Hash: 37419d0d218480942dadea5656795116f0d18a982b1fc86bcd770d00ce79fbb1
                                • Instruction Fuzzy Hash: 8DC04C44080381552C50B6B2110B2AF83521C7E38CF9074DFBDD1579474D5D052F553F
                                Function 00442CAD Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                Download Yara Rule
                                APIs
                                • __startOneArgErrorHandling.LIBCMT ref: 00442D3D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorHandling__start
                                • String ID: pow
                                • API String ID: 3213639722-2276729525
                                • Opcode ID: ba08a0cb9aac2d09af1d9c353536d0054585ad8ee24c5cded07915036f7ff901
                                • Instruction ID: 2abd0c7c8e13d4a8cd2c8141c546921d868ac315c0d238e81b652aa6ec7fde8b
                                • Opcode Fuzzy Hash: ba08a0cb9aac2d09af1d9c353536d0054585ad8ee24c5cded07915036f7ff901
                                • Instruction Fuzzy Hash: 92515AE1E0460296FB167714CE4137B6794AB50741F70497BF0D6823EAEA7C8C859B4F
                                Function 00415B25 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163COMMON
                                Download Yara Rule
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: CountEventTick
                                • String ID: !D@
                                • API String ID: 180926312-604454484
                                • Opcode ID: 8fd5e973108e6e084692de34b74388c77d147e49b600281709414b9c0af54723
                                • Instruction ID: a18c2cf71696728a803f4d48a8d0c2278a59ecc2ec6ff56e3a85b819d46b2ac8
                                • Opcode Fuzzy Hash: 8fd5e973108e6e084692de34b74388c77d147e49b600281709414b9c0af54723
                                • Instruction Fuzzy Hash: 4F51B6315082019AC724FB32D852AFF73A5AF94304F50483FF546671E2EF3C5945C68A
                                Function 00451BB7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,00451E12,?,00000050,?,?,?,?,?), ref: 00451C92
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: ACP$OCP
                                • API String ID: 0-711371036
                                • Opcode ID: 28d359b86f53a769e50845c8979a9c95ba506d3f4f520eddc938968d94c37ac1
                                • Instruction ID: 09b953eaa346ea86c897215e5a2a15a508f8bcb16f9b984b1dadcb699cf7d301
                                • Opcode Fuzzy Hash: 28d359b86f53a769e50845c8979a9c95ba506d3f4f520eddc938968d94c37ac1
                                • Instruction Fuzzy Hash: E821D862A80204A6DB36CF14C941BAB7266DB54B13F568426ED0AD7322F73BED45C35C
                                Function 0041631F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79COMMON
                                Download Yara Rule
                                APIs
                                • _wcslen.LIBCMT ref: 00416330
                                  • Part of subcall function 004138B2: RegCreateKeyA.ADVAPI32(80000001,00000000,004660B4), ref: 004138C0
                                  • Part of subcall function 004138B2: RegSetValueExA.ADVAPI32(004660B4,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040C18D,00466C58,00000001,000000AF,004660B4), ref: 004138DB
                                  • Part of subcall function 004138B2: RegCloseKey.ADVAPI32(004660B4,?,?,?,0040C18D,00466C58,00000001,000000AF,004660B4), ref: 004138E6
                                  • Part of subcall function 00409E1F: _wcslen.LIBCMT ref: 00409E38
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: _wcslen$CloseCreateValue
                                • String ID: !D@$okmode
                                • API String ID: 3411444782-1942679189
                                • Opcode ID: 6236e1ae3c0c31af23e2c8bc277128b7b69df3d7e586693640e81273bc091059
                                • Instruction ID: 3691d04bdc76b081f03c0e50e7d604d291fd2bc6213442c77ae478975c73e837
                                • Opcode Fuzzy Hash: 6236e1ae3c0c31af23e2c8bc277128b7b69df3d7e586693640e81273bc091059
                                • Instruction Fuzzy Hash: E211A871B042011BDA187B72D822BBD2296DB84349F80483FF50AAF2E2DFBD4C51535D
                                Function 00404FF4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67timeCOMMON
                                Download Yara Rule
                                APIs
                                • GetLocalTime.KERNEL32(?,004755A8,?,00000000,?,?,?,?,?,?,00415D04,?,00000001,0000004C,00000000), ref: 00405030
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                • GetLocalTime.KERNEL32(?,004755A8,?,00000000,?,?,?,?,?,?,00415D04,?,00000001,0000004C,00000000), ref: 00405087
                                Strings
                                • KeepAlive | Enabled | Timeout: , xrefs: 0040501F
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: LocalTime
                                • String ID: KeepAlive | Enabled | Timeout:
                                • API String ID: 481472006-1507639952
                                • Opcode ID: fafa22d7485c9b9af755bd661b3a7c95bf01426dd8ce028ebaa8e1e096a55f09
                                • Instruction ID: b700b38ef9f928670de2390b904a97a1cb71e472754ad5b4355c5e73bb52b66b
                                • Opcode Fuzzy Hash: fafa22d7485c9b9af755bd661b3a7c95bf01426dd8ce028ebaa8e1e096a55f09
                                • Instruction Fuzzy Hash: E62104719007806BD710B732A80A76F7B64E755308F44057EE8491B2A2EB7D5988CBDE
                                Function 00416676 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62sleepfilenetworkCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNEL32 ref: 0041667B
                                • URLDownloadToFileW.URLMON(00000000,00000000,00000002,00000000,00000000), ref: 004166DD
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: DownloadFileSleep
                                • String ID: !D@
                                • API String ID: 1931167962-604454484
                                • Opcode ID: eaa9831e87e63887f0af28a98f7f876d5a77a0a49fe78d7469181928150fd69d
                                • Instruction ID: 943aba663a6785b3e55a0e29e9dd0f60b42d3502aaa7a5a348319576c1e2766f
                                • Opcode Fuzzy Hash: eaa9831e87e63887f0af28a98f7f876d5a77a0a49fe78d7469181928150fd69d
                                • Instruction Fuzzy Hash: 9D1142716083029AC614FF72D8969AE77A4AF50348F400C7FF546531E2EE3C9949C65A
                                Function 0041B580 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59timeCOMMON
                                Download Yara Rule
                                APIs
                                • GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: LocalTime
                                • String ID: | $%02i:%02i:%02i:%03i
                                • API String ID: 481472006-2430845779
                                • Opcode ID: 23fa0ef33e23c51acc25039f5b4c387a24ac30d1e525e3dcef4a48577b83362e
                                • Instruction ID: dc1ef91952a31d7701eba46fb19b130c3a81cf04c31882e55cbcd77cf5b9c3d8
                                • Opcode Fuzzy Hash: 23fa0ef33e23c51acc25039f5b4c387a24ac30d1e525e3dcef4a48577b83362e
                                • Instruction Fuzzy Hash: 72118E714082455AC304EB62D8519BFB3E9AB44308F50093FF88AA21E1EF3CDA45C69E
                                Function 0041ADA8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                Download Yara Rule
                                APIs
                                • PathFileExistsW.SHLWAPI(00000000), ref: 0041ADCD
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExistsFilePath
                                • String ID: alarm.wav$xYG
                                • API String ID: 1174141254-3120134784
                                • Opcode ID: 64cd0adba8cb64f7cc29e3bcfb1a1c37beafda4eb82c8f499b05d2b71789c391
                                • Instruction ID: fba4c3df788ebc26406fa6248c5b94d62a9d66ba9cb3dc57f05af0bb44f50ff0
                                • Opcode Fuzzy Hash: 64cd0adba8cb64f7cc29e3bcfb1a1c37beafda4eb82c8f499b05d2b71789c391
                                • Instruction Fuzzy Hash: 78019E7068831166CA04F77688166EE37559B80318F00847FF64A566E2EFBC9A9586CF
                                Function 0040B08C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 0040B19F: GetLocalTime.KERNEL32(?,Offline Keylogger Started,00475100), ref: 0040B1AD
                                  • Part of subcall function 0040B19F: wsprintfW.USER32 ref: 0040B22E
                                  • Part of subcall function 0041B580: GetLocalTime.KERNEL32(00000000), ref: 0041B59A
                                • CloseHandle.KERNEL32(?), ref: 0040B0EF
                                • UnhookWindowsHookEx.USER32 ref: 0040B102
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: LocalTime$CloseHandleHookUnhookWindowswsprintf
                                • String ID: Online Keylogger Stopped
                                • API String ID: 1623830855-1496645233
                                • Opcode ID: 752f1b0530f09a227fccadca3f0ff38838367ade688bdeb0a317c415c2ec40dd
                                • Instruction ID: 2c7fc3a8f12b1f8c565497f75251163d8124a4eac963031352a4caf2a1bdec21
                                • Opcode Fuzzy Hash: 752f1b0530f09a227fccadca3f0ff38838367ade688bdeb0a317c415c2ec40dd
                                • Instruction Fuzzy Hash: 6F01F530600610ABD7217B35C81B7BE7B729B41304F4004BFE982265C2EBB91856C7DE
                                Function 004017EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                Download Yara Rule
                                APIs
                                • waveInPrepareHeader.WINMM(?,00000020,?,?,00476B60,00474EF0,?,00000000,00401A15), ref: 00401849
                                • waveInAddBuffer.WINMM(?,00000020,?,00000000,00401A15), ref: 0040185F
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: wave$BufferHeaderPrepare
                                • String ID: hMG
                                • API String ID: 2315374483-350922481
                                • Opcode ID: 2a7237b1c750756b6a557ff6dbb8ae44e7524d5ce161b2fadacf42baadc53798
                                • Instruction ID: 961ac9ec07701b1a047984959549e732b5ed52ade8bfae490fcb5a94ac50a39c
                                • Opcode Fuzzy Hash: 2a7237b1c750756b6a557ff6dbb8ae44e7524d5ce161b2fadacf42baadc53798
                                • Instruction Fuzzy Hash: 46016D71701301AFC7609F75EC449697BA9FF89355701413AF409C77A2EB759C50CB98
                                Function 00448B66 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • IsValidLocale.KERNEL32(00000000,kKD,00000000,00000001,?,?,00444B6B,?,?,?,?,00000004), ref: 00448BB2
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: LocaleValid
                                • String ID: IsValidLocaleName$kKD
                                • API String ID: 1901932003-3269126172
                                • Opcode ID: e2be842f2307acef5cef967ff3e72c46beaafbec9f28b2cc6d0622aebebc3446
                                • Instruction ID: c774fcfd7954269485cc3e12fd2bed3330e0a6a7af379781e67d062e13931268
                                • Opcode Fuzzy Hash: e2be842f2307acef5cef967ff3e72c46beaafbec9f28b2cc6d0622aebebc3446
                                • Instruction Fuzzy Hash: 9BF05230A80708FBDB016B60DC06FAE7B54CB44B12F10007EFD046B291DE799E0091ED
                                Function 0040C4FE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                Download Yara Rule
                                APIs
                                • PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000), ref: 0040C531
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExistsFilePath
                                • String ID: UserProfile$\AppData\Local\Google\Chrome\
                                • API String ID: 1174141254-4188645398
                                • Opcode ID: 7513dcd4ec4d57a56e025c7af7034f3ed00120f23cab16f4c8460ea67e10ce8f
                                • Instruction ID: 9b0ec594f197676e752fca63164bf20e3c748e9c9f1ad615e42e10c79405690b
                                • Opcode Fuzzy Hash: 7513dcd4ec4d57a56e025c7af7034f3ed00120f23cab16f4c8460ea67e10ce8f
                                • Instruction Fuzzy Hash: FEF05E30A00219A6CA04BBB69C478AF7B289910759B40017FBA01B21D3EE78994586DD
                                Function 0040C561 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                Download Yara Rule
                                APIs
                                • PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000), ref: 0040C594
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExistsFilePath
                                • String ID: UserProfile$\AppData\Local\Microsoft\Edge\
                                • API String ID: 1174141254-2800177040
                                • Opcode ID: 1557f4bb399ccd962a6ec8f3b7672d0fabb033b8baa200f96a6bb4b223b6e054
                                • Instruction ID: ebfb9b6c20c42028ef61fa2b9513503d2b9bf0243ac81fc6585c9643e3935da3
                                • Opcode Fuzzy Hash: 1557f4bb399ccd962a6ec8f3b7672d0fabb033b8baa200f96a6bb4b223b6e054
                                • Instruction Fuzzy Hash: F1F05E70A0021AE6CA04BBB69C478EF7B2C9910755B40017BBA01721D3FE7CA94586ED
                                Function 0040C5C4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON
                                Download Yara Rule
                                APIs
                                • PathFileExistsW.SHLWAPI(00000000,\Opera Software\Opera Stable\,00000000), ref: 0040C5F7
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExistsFilePath
                                • String ID: AppData$\Opera Software\Opera Stable\
                                • API String ID: 1174141254-1629609700
                                • Opcode ID: 36686d3cf67e5c20a4c0d90b7e9d5895c4617d041214c89f366c5e76c3197c6f
                                • Instruction ID: 695210f55460e2722832162fecb8267ed9c5d90cd61684e29202a639a57ef244
                                • Opcode Fuzzy Hash: 36686d3cf67e5c20a4c0d90b7e9d5895c4617d041214c89f366c5e76c3197c6f
                                • Instruction Fuzzy Hash: 38F05E30A00219D6CA14BBB69C478EF7B2C9950755F1005BBBA01B21D3EE789941C6ED
                                Function 0040B681 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32keyboardCOMMON
                                Download Yara Rule
                                APIs
                                • GetKeyState.USER32(00000011), ref: 0040B686
                                  • Part of subcall function 0040A41B: GetForegroundWindow.USER32 ref: 0040A451
                                  • Part of subcall function 0040A41B: GetWindowThreadProcessId.USER32(00000000,?), ref: 0040A45D
                                  • Part of subcall function 0040A41B: GetKeyboardLayout.USER32(00000000), ref: 0040A464
                                  • Part of subcall function 0040A41B: GetKeyState.USER32(00000010), ref: 0040A46E
                                  • Part of subcall function 0040A41B: GetKeyboardState.USER32(?), ref: 0040A479
                                  • Part of subcall function 0040A41B: ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 0040A49C
                                  • Part of subcall function 0040A41B: ToUnicodeEx.USER32(?,?,00000010,00000000,00000000), ref: 0040A4FC
                                  • Part of subcall function 0040A671: SetEvent.KERNEL32(?,?,00000000,0040B245,00000000), ref: 0040A69D
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: State$KeyboardUnicodeWindow$EventForegroundLayoutProcessThread
                                • String ID: [AltL]$[AltR]
                                • API String ID: 2738857842-2658077756
                                • Opcode ID: 973633859d93ff8360b83ac9e1d77558cdb0b7c4d5bdbb5f5e50dc46d20ac961
                                • Instruction ID: d407634c764e35d79823ffb94670adf82ecea3c262ef0a09b09082b5b6a355d5
                                • Opcode Fuzzy Hash: 973633859d93ff8360b83ac9e1d77558cdb0b7c4d5bdbb5f5e50dc46d20ac961
                                • Instruction Fuzzy Hash: B2E0652171032052C859363D592FABE2D11CB41B64B42097FF842AB7D6DABF4D5543CF
                                Function 004161C5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON
                                Download Yara Rule
                                APIs
                                • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000000), ref: 004161E3
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ExecuteShell
                                • String ID: !D@$open
                                • API String ID: 587946157-1586967515
                                • Opcode ID: 30a1d241cab23d886832e5a2cf84020a5ff996eade7e739dca91f4d882a6cfc9
                                • Instruction ID: 3b2857edeaddefe186f4a0a52e989bb70d7a4cfa1db765b6d796ce97600c5b03
                                • Opcode Fuzzy Hash: 30a1d241cab23d886832e5a2cf84020a5ff996eade7e739dca91f4d882a6cfc9
                                • Instruction Fuzzy Hash: 4AE012712483059AD214EA72DC92EFEB35CAB54755F404C3FF506524E2EF3C5C49C66A
                                Function 0040B6DB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24keyboardCOMMON
                                Download Yara Rule
                                APIs
                                • GetKeyState.USER32(00000012), ref: 0040B6E0
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: State
                                • String ID: [CtrlL]$[CtrlR]
                                • API String ID: 1649606143-2446555240
                                • Opcode ID: 1321bbb6cc8174ef42da852326f734558715e41d50b56193fb2d1a3bfc871e5f
                                • Instruction ID: b338140f060b4cc34328e336f8905ed3f99262ec5dadafe534bff25dd27afc5e
                                • Opcode Fuzzy Hash: 1321bbb6cc8174ef42da852326f734558715e41d50b56193fb2d1a3bfc871e5f
                                • Instruction Fuzzy Hash: CFE04F2160072052C5243A7D561A67A2911C7C2764F41057BE9826B7C6DABE891452DF
                                Function 0040E7DA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                Download Yara Rule
                                APIs
                                  • Part of subcall function 00434801: __onexit.LIBCMT ref: 00434807
                                • __Init_thread_footer.LIBCMT ref: 00410F64
                                Strings
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: Init_thread_footer__onexit
                                • String ID: <kG$@kG
                                • API String ID: 1881088180-1261746286
                                • Opcode ID: d4565030f79739e4e66115585db0aa101e00d72097786d2d832482c72ad8666d
                                • Instruction ID: b3c290aa7aaf28965b2d5d57398085964b0ab7c4475a0d5935719b6e6c356165
                                • Opcode Fuzzy Hash: d4565030f79739e4e66115585db0aa101e00d72097786d2d832482c72ad8666d
                                • Instruction Fuzzy Hash: 4BE0D8315049208AC510B75EE442AC53345DB0A324B21907BF414D72D2CBAE78C24E5D
                                Function 00413A5E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23registryCOMMON
                                Download Yara Rule
                                APIs
                                • RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00000000,00000002,?,80000002,80000002,0040D509,00000000,?,00000000), ref: 00413A6C
                                • RegDeleteValueW.ADVAPI32(?,?,?,00000000), ref: 00413A80
                                Strings
                                • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 00413A6A
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: DeleteOpenValue
                                • String ID: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
                                • API String ID: 2654517830-1051519024
                                • Opcode ID: 37389d7ee51bec1c2129a7b253fd7a72f11d6a1cc032b6ab4e225ceb9c6d243b
                                • Instruction ID: 8a242acd51d06e7ce72e997358fe7bb9804e2c240f13b939b69747d851efcbee
                                • Opcode Fuzzy Hash: 37389d7ee51bec1c2129a7b253fd7a72f11d6a1cc032b6ab4e225ceb9c6d243b
                                • Instruction Fuzzy Hash: FFE0C231244208FBEF104FB1DD06FFA7B2CDB01F42F1006A9BA0692192C626CE049664
                                Function 00440CE1 Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                                Download Yara Rule
                                APIs
                                • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00401BD9), ref: 00440D77
                                • GetLastError.KERNEL32 ref: 00440D85
                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00440DE0
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ByteCharMultiWide$ErrorLast
                                • String ID:
                                • API String ID: 1717984340-0
                                • Opcode ID: aa9c90e467390f2e0f6591fe7c9965b03d9b59885bed7a4237b1e33e934d31eb
                                • Instruction ID: 51be13377619d21db21fabe69686c0ed70cae26876ac5a8e773c252addda8789
                                • Opcode Fuzzy Hash: aa9c90e467390f2e0f6591fe7c9965b03d9b59885bed7a4237b1e33e934d31eb
                                • Instruction Fuzzy Hash: 2D412670A00212AFEF218FA5C8447BBBBA4EF41310F2045AAFA59573E1DB399C31C759
                                Function 00411B9A Relevance: 5.1, APIs: 4, Instructions: 119COMMON
                                Download Yara Rule
                                APIs
                                • IsBadReadPtr.KERNEL32(?,00000014), ref: 00411BC7
                                • IsBadReadPtr.KERNEL32(?,00000014), ref: 00411C93
                                • SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00411CB5
                                • SetLastError.KERNEL32(0000007E,00411F2B), ref: 00411CCC
                                Memory Dump Source
                                • Source File: 00000007.00000002.1385450636.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_7_2_400000_NEW ORDER- 4788467.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorLastRead
                                • String ID:
                                • API String ID: 4100373531-0
                                • Opcode ID: 90639ee29dfdd48ecb3f8d3d3319bc7730bab7022ac74643829df8c5f46e8e60
                                • Instruction ID: 65e884089caabfe283b2879acbb60db065d5dd9ad58be7743d127bf22715a70c
                                • Opcode Fuzzy Hash: 90639ee29dfdd48ecb3f8d3d3319bc7730bab7022ac74643829df8c5f46e8e60
                                • Instruction Fuzzy Hash: 60419D716443059FEB248F19DC84BA7B3E4FF44714F00082EEA4A876A1F738E845CB99

                                Execution Graph

                                Execution Coverage:10.3%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:189
                                Total number of Limit Nodes:11
                                execution_graph 30131 77d188c 30132 77d1896 30131->30132 30134 77d196f 30131->30134 30133 77d199d 30134->30133 30138 77d386e 30134->30138 30157 77d3808 30134->30157 30175 77d37f8 30134->30175 30139 77d37fc 30138->30139 30140 77d3871 30138->30140 30141 77d382a 30139->30141 30193 77d3ffc 30139->30193 30198 77d3d7d 30139->30198 30205 77d3e3d 30139->30205 30210 77d40e3 30139->30210 30215 77d3fe3 30139->30215 30220 77d3e04 30139->30220 30225 77d3fcb 30139->30225 30230 77d3d6f 30139->30230 30235 77d3e8f 30139->30235 30240 77d43ef 30139->30240 30245 77d3ead 30139->30245 30253 77d4152 30139->30253 30258 77d4454 30139->30258 30263 77d3c39 30139->30263 30268 77d455f 30139->30268 30140->30133 30141->30133 30158 77d380b 30157->30158 30159 77d382a 30158->30159 30160 77d3e3d 2 API calls 30158->30160 30161 77d3d7d 4 API calls 30158->30161 30162 77d3ffc 2 API calls 30158->30162 30163 77d455f 2 API calls 30158->30163 30164 77d3c39 2 API calls 30158->30164 30165 77d4454 2 API calls 30158->30165 30166 77d4152 2 API calls 30158->30166 30167 77d3ead 4 API calls 30158->30167 30168 77d43ef 2 API calls 30158->30168 30169 77d3e8f 2 API calls 30158->30169 30170 77d3d6f 2 API calls 30158->30170 30171 77d3fcb 2 API calls 30158->30171 30172 77d3e04 2 API calls 30158->30172 30173 77d3fe3 2 API calls 30158->30173 30174 77d40e3 2 API calls 30158->30174 30159->30133 30160->30159 30161->30159 30162->30159 30163->30159 30164->30159 30165->30159 30166->30159 30167->30159 30168->30159 30169->30159 30170->30159 30171->30159 30172->30159 30173->30159 30174->30159 30176 77d37fc 30175->30176 30177 77d3e3d 2 API calls 30176->30177 30178 77d3d7d 4 API calls 30176->30178 30179 77d3ffc 2 API calls 30176->30179 30180 77d455f 2 API calls 30176->30180 30181 77d382a 30176->30181 30182 77d3c39 2 API calls 30176->30182 30183 77d4454 2 API calls 30176->30183 30184 77d4152 2 API calls 30176->30184 30185 77d3ead 4 API calls 30176->30185 30186 77d43ef 2 API calls 30176->30186 30187 77d3e8f 2 API calls 30176->30187 30188 77d3d6f 2 API calls 30176->30188 30189 77d3fcb 2 API calls 30176->30189 30190 77d3e04 2 API calls 30176->30190 30191 77d3fe3 2 API calls 30176->30191 30192 77d40e3 2 API calls 30176->30192 30177->30181 30178->30181 30179->30181 30180->30181 30181->30133 30182->30181 30183->30181 30184->30181 30185->30181 30186->30181 30187->30181 30188->30181 30189->30181 30190->30181 30191->30181 30192->30181 30194 77d3d65 30193->30194 30194->30193 30195 77d3d77 30194->30195 30272 77d0bc8 30194->30272 30276 77d0bc0 30194->30276 30280 77d1198 30198->30280 30284 77d1190 30198->30284 30199 77d3d59 30200 77d3d77 30199->30200 30201 77d0bc8 Wow64SetThreadContext 30199->30201 30202 77d0bc0 Wow64SetThreadContext 30199->30202 30201->30199 30202->30199 30206 77d3d65 30205->30206 30207 77d3d77 30206->30207 30208 77d0bc8 Wow64SetThreadContext 30206->30208 30209 77d0bc0 Wow64SetThreadContext 30206->30209 30208->30206 30209->30206 30211 77d40ec 30210->30211 30213 77d1198 WriteProcessMemory 30211->30213 30214 77d1190 WriteProcessMemory 30211->30214 30212 77d4191 30213->30212 30214->30212 30216 77d43f6 30215->30216 30217 77d4418 30216->30217 30288 77d1288 30216->30288 30292 77d1280 30216->30292 30221 77d4170 30220->30221 30223 77d1198 WriteProcessMemory 30221->30223 30224 77d1190 WriteProcessMemory 30221->30224 30222 77d4191 30223->30222 30224->30222 30226 77d44c4 30225->30226 30296 77d10d8 30226->30296 30300 77d10d1 30226->30300 30227 77d44e2 30231 77d3d65 30230->30231 30232 77d3d77 30231->30232 30233 77d0bc8 Wow64SetThreadContext 30231->30233 30234 77d0bc0 Wow64SetThreadContext 30231->30234 30233->30231 30234->30231 30236 77d3e95 30235->30236 30304 77d0b18 30236->30304 30308 77d0b10 30236->30308 30237 77d4617 30241 77d43f5 30240->30241 30243 77d1288 ReadProcessMemory 30241->30243 30244 77d1280 ReadProcessMemory 30241->30244 30242 77d4418 30243->30242 30244->30242 30246 77d3eba 30245->30246 30247 77d3f51 30245->30247 30251 77d0bc8 Wow64SetThreadContext 30246->30251 30252 77d0bc0 Wow64SetThreadContext 30246->30252 30249 77d0b18 ResumeThread 30247->30249 30250 77d0b10 ResumeThread 30247->30250 30248 77d4617 30249->30248 30250->30248 30251->30247 30252->30247 30254 77d4158 30253->30254 30256 77d1198 WriteProcessMemory 30254->30256 30257 77d1190 WriteProcessMemory 30254->30257 30255 77d4191 30256->30255 30257->30255 30259 77d3ea6 30258->30259 30261 77d0b18 ResumeThread 30259->30261 30262 77d0b10 ResumeThread 30259->30262 30260 77d4617 30261->30260 30262->30260 30264 77d3c49 30263->30264 30312 77d1415 30264->30312 30316 77d1420 30264->30316 30270 77d1198 WriteProcessMemory 30268->30270 30271 77d1190 WriteProcessMemory 30268->30271 30269 77d4592 30270->30269 30271->30269 30273 77d0bcb Wow64SetThreadContext 30272->30273 30275 77d0c55 30273->30275 30275->30194 30277 77d0bc4 Wow64SetThreadContext 30276->30277 30279 77d0c55 30277->30279 30279->30194 30281 77d11e0 WriteProcessMemory 30280->30281 30283 77d1237 30281->30283 30283->30199 30285 77d11e0 WriteProcessMemory 30284->30285 30287 77d1237 30285->30287 30287->30199 30289 77d128b ReadProcessMemory 30288->30289 30291 77d1317 30289->30291 30291->30217 30293 77d1284 ReadProcessMemory 30292->30293 30295 77d1317 30293->30295 30295->30217 30297 77d10dd VirtualAllocEx 30296->30297 30299 77d1155 30297->30299 30299->30227 30301 77d10d8 VirtualAllocEx 30300->30301 30303 77d1155 30301->30303 30303->30227 30305 77d0b1d ResumeThread 30304->30305 30307 77d0b89 30305->30307 30307->30237 30309 77d0b18 ResumeThread 30308->30309 30311 77d0b89 30309->30311 30311->30237 30313 77d1420 CreateProcessA 30312->30313 30315 77d166b 30313->30315 30315->30315 30317 77d1425 CreateProcessA 30316->30317 30319 77d166b 30317->30319 30319->30319 30100 336ac70 30103 336ad68 30100->30103 30101 336ac7f 30104 336ad9c 30103->30104 30105 336ad79 30103->30105 30104->30101 30105->30104 30106 336afa0 GetModuleHandleW 30105->30106 30107 336afcd 30106->30107 30107->30101 30129 336d650 DuplicateHandle 30130 336d6e6 30129->30130 30320 336d000 30321 336d046 GetCurrentProcess 30320->30321 30323 336d091 30321->30323 30324 336d098 GetCurrentThread 30321->30324 30323->30324 30325 336d0d5 GetCurrentProcess 30324->30325 30326 336d0ce 30324->30326 30327 336d10b 30325->30327 30326->30325 30328 336d133 GetCurrentThreadId 30327->30328 30329 336d164 30328->30329 30330 77d4a80 30332 77d4a83 30330->30332 30331 77d4c0b 30332->30331 30335 77d4cf9 30332->30335 30339 77d4d00 30332->30339 30336 77d4cfc 30335->30336 30337 77d4d03 PostMessageW 30335->30337 30336->30337 30338 77d4d6c 30337->30338 30338->30332 30340 77d4d03 PostMessageW 30339->30340 30341 77d4d6c 30340->30341 30341->30332 30108 3364668 30109 336467a 30108->30109 30110 3364686 30109->30110 30112 3364779 30109->30112 30113 336479d 30112->30113 30117 3364888 30113->30117 30121 3364879 30113->30121 30119 33648af 30117->30119 30118 336498c 30119->30118 30125 33644b4 30119->30125 30123 33648af 30121->30123 30122 336498c 30122->30122 30123->30122 30124 33644b4 CreateActCtxA 30123->30124 30124->30122 30126 3365918 CreateActCtxA 30125->30126 30128 33659db 30126->30128 30128->30128

                                Executed Functions

                                Function 077B34B8 Relevance: 3.1, Strings: 2, Instructions: 562COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 44 77b34b8-77b34e0 45 77b34e2 44->45 46 77b34e7-77b35a3 44->46 45->46 49 77b35a8-77b35b5 46->49 50 77b35a5-77b35cb 46->50 49->50 52 77b3abb-77b3afd 50->52 53 77b35d1-77b35fb 50->53 62 77b3b00-77b3b04 52->62 56 77b3cc8-77b3cd4 53->56 57 77b3601-77b3619 53->57 58 77b3cda-77b3ce3 56->58 57->58 59 77b361f-77b3620 57->59 65 77b3ce9-77b3cf5 58->65 61 77b3cae-77b3cba 59->61 63 77b3cc0-77b3cc7 61->63 64 77b3625-77b3631 61->64 66 77b3b0a-77b3b10 62->66 67 77b36d6-77b36da 62->67 70 77b3638-77b3653 64->70 71 77b3633 64->71 76 77b3cfb-77b3d07 65->76 66->52 72 77b3b12-77b3b6d 66->72 68 77b36ec-77b36f2 67->68 69 77b36dc-77b36ea 67->69 74 77b3737-77b373b 68->74 73 77b374a-77b377c 69->73 70->65 75 77b3659-77b367e 70->75 71->70 91 77b3b6f-77b3ba2 72->91 92 77b3ba4-77b3bce 72->92 97 77b377e-77b378a 73->97 98 77b37a6 73->98 77 77b373d 74->77 78 77b36f4-77b3700 74->78 75->76 89 77b3684-77b3686 75->89 85 77b3d0d-77b3d14 76->85 84 77b3740-77b3744 77->84 81 77b3702 78->81 82 77b3707-77b370f 78->82 81->82 87 77b3711-77b3725 82->87 88 77b3734 82->88 84->73 90 77b36bc-77b36d3 84->90 94 77b372b-77b3732 87->94 95 77b3689-77b3694 87->95 88->74 89->95 90->67 105 77b3bd7-77b3c56 91->105 92->105 94->77 95->85 99 77b369a-77b36b7 95->99 101 77b378c-77b3792 97->101 102 77b3794-77b379a 97->102 104 77b37ac-77b37d9 98->104 99->84 106 77b37a4 101->106 102->106 111 77b37db-77b3813 104->111 112 77b3828-77b38bb 104->112 119 77b3c5d-77b3c70 105->119 106->104 120 77b3c7f-77b3c84 111->120 127 77b38bd 112->127 128 77b38c4-77b38c5 112->128 119->120 121 77b3c9b-77b3cab 120->121 122 77b3c86-77b3c94 120->122 121->61 122->121 127->128 129 77b3916-77b391c 128->129 130 77b391e-77b39e0 129->130 131 77b38c7-77b38e6 129->131 142 77b39e2-77b3a1b 130->142 143 77b3a21-77b3a25 130->143 132 77b38e8 131->132 133 77b38ed-77b3913 131->133 132->133 133->129 142->143 144 77b3a27-77b3a60 143->144 145 77b3a66-77b3a6a 143->145 144->145 146 77b3aab-77b3aaf 145->146 147 77b3a6c-77b3aa5 145->147 146->72 149 77b3ab1-77b3ab9 146->149 147->146 149->62
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: :$~
                                • API String ID: 0-2431124681
                                • Opcode ID: f475c7e43dc75f09f533382a3eef5275f92f20fb31f160a2560a7f3c7a7e4861
                                • Instruction ID: 2fe02bc17b3f88c27eb857c845461094822c286f4e8fc18399b31ea5476a5754
                                • Opcode Fuzzy Hash: f475c7e43dc75f09f533382a3eef5275f92f20fb31f160a2560a7f3c7a7e4861
                                • Instruction Fuzzy Hash: D442F2B5A00218DFDB25CFA8C984BD9BBB2FF49304F1584E9E509AB261D731AD91DF10
                                Function 077B2106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 152 77b2106-77b210a 153 77b210b-77b2120 152->153 154 77b2acd-77b2add 152->154 153->154 155 77b2121-77b212c 153->155 157 77b2132-77b213e 155->157 158 77b214a-77b2159 157->158 160 77b21b8-77b21bc 158->160 161 77b21c2-77b21cb 160->161 162 77b2264-77b22ce 160->162 163 77b21d1-77b21e7 161->163 164 77b20c6-77b20d2 161->164 162->154 200 77b22d4-77b281b 162->200 170 77b2239-77b224b 163->170 171 77b21e9-77b21ec 163->171 164->154 166 77b20d8-77b20e4 164->166 167 77b215b-77b2161 166->167 168 77b20e6-77b20fa 166->168 167->154 172 77b2167-77b217f 167->172 168->167 178 77b20fc-77b2105 168->178 182 77b2a0c-77b2ac2 170->182 183 77b2251-77b2261 170->183 171->154 174 77b21f2-77b222f 171->174 172->154 181 77b2185-77b21ad 172->181 174->162 196 77b2231-77b2237 174->196 178->152 181->160 182->154 196->170 196->171 278 77b281d-77b2827 200->278 279 77b2832-77b28c5 200->279 280 77b282d 278->280 281 77b28d0-77b2963 278->281 279->281 282 77b296e-77b2a01 280->282 281->282 282->182
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: D
                                • API String ID: 0-2746444292
                                • Opcode ID: 768c4eebcf4408f0473288f1065c68c2c602d8793f57be0123079959eef092e4
                                • Instruction ID: acf44d17adaa5b60c3942a1168512af497b079099cd1979150acd584e32963a1
                                • Opcode Fuzzy Hash: 768c4eebcf4408f0473288f1065c68c2c602d8793f57be0123079959eef092e4
                                • Instruction Fuzzy Hash: 0152D374A042299FDB64DF64D898B99B7B6FF89300F1081E9D50AA7364DB30AEC1CF50
                                Function 0336CFF1 Relevance: 6.1, APIs: 4, Instructions: 129threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 0336D07E
                                • GetCurrentThread.KERNEL32 ref: 0336D0BB
                                • GetCurrentProcess.KERNEL32 ref: 0336D0F8
                                • GetCurrentThreadId.KERNEL32 ref: 0336D151
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID:
                                • API String ID: 2063062207-0
                                • Opcode ID: a4efb3aa6668e27607a37a44639b27d17f64e0cb57d7b0c619164cba880d04cf
                                • Instruction ID: 4fe6b6a41ea42ac23f09eb9bf45936399a023e14a5c659e6762a2b1902ff9c41
                                • Opcode Fuzzy Hash: a4efb3aa6668e27607a37a44639b27d17f64e0cb57d7b0c619164cba880d04cf
                                • Instruction Fuzzy Hash: 115167B49107498FDB14CFAAD988B9EBBF1EF48304F24C459E809A7390DB786944CF65
                                Function 0336D000 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 0336D07E
                                • GetCurrentThread.KERNEL32 ref: 0336D0BB
                                • GetCurrentProcess.KERNEL32 ref: 0336D0F8
                                • GetCurrentThreadId.KERNEL32 ref: 0336D151
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID:
                                • API String ID: 2063062207-0
                                • Opcode ID: 0e4c17073ed3f71accc9b039c35eda59441b7add6ca24efcc79663047dc930ac
                                • Instruction ID: 6d4377ebbac9f703b682e137ed6a13d980b2883a96593e3919697e3709021ad1
                                • Opcode Fuzzy Hash: 0e4c17073ed3f71accc9b039c35eda59441b7add6ca24efcc79663047dc930ac
                                • Instruction Fuzzy Hash: AD5177B49107498FDB14CFAAC988B9EBBF1EF48304F20C459E809A7390DB74A844CF65
                                Function 077D1415 Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 307 77d1415-77d141e 308 77d1425-77d14b5 307->308 309 77d1420-77d1424 307->309 311 77d14ee-77d150e 308->311 312 77d14b7-77d14c1 308->312 309->308 317 77d1547-77d1576 311->317 318 77d1510-77d151a 311->318 312->311 313 77d14c3-77d14c5 312->313 314 77d14e8-77d14eb 313->314 315 77d14c7-77d14d1 313->315 314->311 319 77d14d5-77d14e4 315->319 320 77d14d3 315->320 328 77d15af-77d1669 CreateProcessA 317->328 329 77d1578-77d1582 317->329 318->317 321 77d151c-77d151e 318->321 319->319 322 77d14e6 319->322 320->319 323 77d1541-77d1544 321->323 324 77d1520-77d152a 321->324 322->314 323->317 326 77d152c 324->326 327 77d152e-77d153d 324->327 326->327 327->327 330 77d153f 327->330 340 77d166b-77d1671 328->340 341 77d1672-77d16f8 328->341 329->328 331 77d1584-77d1586 329->331 330->323 333 77d15a9-77d15ac 331->333 334 77d1588-77d1592 331->334 333->328 335 77d1594 334->335 336 77d1596-77d15a5 334->336 335->336 336->336 338 77d15a7 336->338 338->333 340->341 351 77d1708-77d170c 341->351 352 77d16fa-77d16fe 341->352 353 77d171c-77d1720 351->353 354 77d170e-77d1712 351->354 352->351 355 77d1700 352->355 357 77d1730-77d1734 353->357 358 77d1722-77d1726 353->358 354->353 356 77d1714 354->356 355->351 356->353 360 77d1746-77d174d 357->360 361 77d1736-77d173c 357->361 358->357 359 77d1728 358->359 359->357 362 77d174f-77d175e 360->362 363 77d1764 360->363 361->360 362->363 364 77d1765 363->364 364->364
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077D1656
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: 981c28afe3b39e62ebf4b3bd732d1122bc7f41c43b13c64d050c40a0ff8c8209
                                • Instruction ID: 588276505626207cdc8f93982cdcb863aae51d16192270a31cf78db46760f786
                                • Opcode Fuzzy Hash: 981c28afe3b39e62ebf4b3bd732d1122bc7f41c43b13c64d050c40a0ff8c8209
                                • Instruction Fuzzy Hash: 92A15CB1E0031ECFEB20CFA8C8457EEBBB2AB49310F558569D849A7240DB759D85CF91
                                Function 077D1420 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 366 77d1420-77d14b5 369 77d14ee-77d150e 366->369 370 77d14b7-77d14c1 366->370 375 77d1547-77d1576 369->375 376 77d1510-77d151a 369->376 370->369 371 77d14c3-77d14c5 370->371 372 77d14e8-77d14eb 371->372 373 77d14c7-77d14d1 371->373 372->369 377 77d14d5-77d14e4 373->377 378 77d14d3 373->378 386 77d15af-77d1669 CreateProcessA 375->386 387 77d1578-77d1582 375->387 376->375 379 77d151c-77d151e 376->379 377->377 380 77d14e6 377->380 378->377 381 77d1541-77d1544 379->381 382 77d1520-77d152a 379->382 380->372 381->375 384 77d152c 382->384 385 77d152e-77d153d 382->385 384->385 385->385 388 77d153f 385->388 398 77d166b-77d1671 386->398 399 77d1672-77d16f8 386->399 387->386 389 77d1584-77d1586 387->389 388->381 391 77d15a9-77d15ac 389->391 392 77d1588-77d1592 389->392 391->386 393 77d1594 392->393 394 77d1596-77d15a5 392->394 393->394 394->394 396 77d15a7 394->396 396->391 398->399 409 77d1708-77d170c 399->409 410 77d16fa-77d16fe 399->410 411 77d171c-77d1720 409->411 412 77d170e-77d1712 409->412 410->409 413 77d1700 410->413 415 77d1730-77d1734 411->415 416 77d1722-77d1726 411->416 412->411 414 77d1714 412->414 413->409 414->411 418 77d1746-77d174d 415->418 419 77d1736-77d173c 415->419 416->415 417 77d1728 416->417 417->415 420 77d174f-77d175e 418->420 421 77d1764 418->421 419->418 420->421 422 77d1765 421->422 422->422
                                APIs
                                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077D1656
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: CreateProcess
                                • String ID:
                                • API String ID: 963392458-0
                                • Opcode ID: deeb61d1b7243082842ea8b03fd34bbcdf852f7093546bd681df0db928b8309a
                                • Instruction ID: 50c4ff920da1085fec28e1df1c4f82e42e0467a81095f829ae838e91d96c12d3
                                • Opcode Fuzzy Hash: deeb61d1b7243082842ea8b03fd34bbcdf852f7093546bd681df0db928b8309a
                                • Instruction Fuzzy Hash: 21914AB1E0031ECFEB20CFA8C8457EEBBB2AB48310F558569D849A7240DB759D85CF91
                                Function 0336AD68 Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 424 336ad68-336ad77 425 336ada3-336ada7 424->425 426 336ad79-336ad86 call 336a08c 424->426 427 336adbb-336adfc 425->427 428 336ada9-336adb3 425->428 433 336ad9c 426->433 434 336ad88 426->434 435 336adfe-336ae06 427->435 436 336ae09-336ae17 427->436 428->427 433->425 479 336ad8e call 336aff0 434->479 480 336ad8e call 336b000 434->480 435->436 438 336ae3b-336ae3d 436->438 439 336ae19-336ae1e 436->439 437 336ad94-336ad96 437->433 440 336aed8-336af98 437->440 441 336ae40-336ae47 438->441 442 336ae20-336ae27 call 336a098 439->442 443 336ae29 439->443 474 336afa0-336afcb GetModuleHandleW 440->474 475 336af9a-336af9d 440->475 445 336ae54-336ae5b 441->445 446 336ae49-336ae51 441->446 444 336ae2b-336ae39 442->444 443->444 444->441 448 336ae5d-336ae65 445->448 449 336ae68-336ae71 call 336a0a8 445->449 446->445 448->449 455 336ae73-336ae7b 449->455 456 336ae7e-336ae83 449->456 455->456 457 336ae85-336ae8c 456->457 458 336aea1-336aea5 456->458 457->458 460 336ae8e-336ae9e call 336a0b8 call 336a0c8 457->460 461 336aeab-336aeae 458->461 460->458 464 336aeb0-336aece 461->464 465 336aed1-336aed7 461->465 464->465 476 336afd4-336afe8 474->476 477 336afcd-336afd3 474->477 475->474 477->476 479->437 480->437
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0336AFBE
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: 5a50bd23a04857327b2454a1e6d5351b629501eaca6166a8a1526b87c4251b5c
                                • Instruction ID: 90a3b489b6cf5c5ebd92a403f776c29b149a89a26ed77873274e188fa7c43fac
                                • Opcode Fuzzy Hash: 5a50bd23a04857327b2454a1e6d5351b629501eaca6166a8a1526b87c4251b5c
                                • Instruction Fuzzy Hash: 617146B0A00B058FD724DF69D48475ABBF5FF88304F048A2ED48AEBA54D775E849CB91
                                Function 033644B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 481 33644b4-33659d9 CreateActCtxA 484 33659e2-3365a3c 481->484 485 33659db-33659e1 481->485 492 3365a3e-3365a41 484->492 493 3365a4b-3365a4f 484->493 485->484 492->493 494 3365a60 493->494 495 3365a51-3365a5d 493->495 496 3365a61 494->496 495->494 496->496
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 033659C9
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 29d1a7aea90575f36a686dfe2a02b045dade39bc7f5131ed537b8e1f0e8a30b4
                                • Instruction ID: 0ea20fdd9a4642c50d7fb88cdd84039ce57a3279cc356829957b2dfb03981e25
                                • Opcode Fuzzy Hash: 29d1a7aea90575f36a686dfe2a02b045dade39bc7f5131ed537b8e1f0e8a30b4
                                • Instruction Fuzzy Hash: 4941CFB0C0071DCFEB25DFAAC884B9EBBF5AF4A704F20806AD408AB255DB756945CF50
                                Function 0336590C Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 498 336590c-33659d9 CreateActCtxA 500 33659e2-3365a3c 498->500 501 33659db-33659e1 498->501 508 3365a3e-3365a41 500->508 509 3365a4b-3365a4f 500->509 501->500 508->509 510 3365a60 509->510 511 3365a51-3365a5d 509->511 512 3365a61 510->512 511->510 512->512
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 033659C9
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: ddf85e73b6a041915e7136fde19dadda8f538e1f29dc3f949da6035851c9bc76
                                • Instruction ID: 1a5e9d5cf416c02ccd9cf1677aba845e2c7fb6736a61de1ae105a334392713a7
                                • Opcode Fuzzy Hash: ddf85e73b6a041915e7136fde19dadda8f538e1f29dc3f949da6035851c9bc76
                                • Instruction Fuzzy Hash: 8441CFB0C00719CFEB25CFAAC88479EBBF1BF49704F24846AD808AB255DB756945CF50
                                Function 077D1190 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 514 77d1190-77d11e6 516 77d11e8-77d11f4 514->516 517 77d11f6-77d1235 WriteProcessMemory 514->517 516->517 519 77d123e-77d126e 517->519 520 77d1237-77d123d 517->520 520->519
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077D1228
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: c92481db14b11869bc2b780c4fb95a5d5f6524ffea2c532c7dfee3296f38e9f2
                                • Instruction ID: cf2a56a2abc7be1856ba25799571f4f34b2b5746bb38bda505a8a448d012cf32
                                • Opcode Fuzzy Hash: c92481db14b11869bc2b780c4fb95a5d5f6524ffea2c532c7dfee3296f38e9f2
                                • Instruction Fuzzy Hash: 2B215AB6900309DFDB10CFA9C9857EEBBF1FF48310F14882AE918A7240D7799944CBA0
                                Function 077D1198 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 524 77d1198-77d11e6 526 77d11e8-77d11f4 524->526 527 77d11f6-77d1235 WriteProcessMemory 524->527 526->527 529 77d123e-77d126e 527->529 530 77d1237-77d123d 527->530 530->529
                                APIs
                                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077D1228
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: MemoryProcessWrite
                                • String ID:
                                • API String ID: 3559483778-0
                                • Opcode ID: 99e567a26fa9637f4efb28b397ad6c0e255f8a21a124b9885bd97e1d95b0f0e0
                                • Instruction ID: 56431c210da34bf97578c78a908898da64307db563e444ffdc7452bdfe02bc72
                                • Opcode Fuzzy Hash: 99e567a26fa9637f4efb28b397ad6c0e255f8a21a124b9885bd97e1d95b0f0e0
                                • Instruction Fuzzy Hash: F12128B5900349DFDB10CFA9C8857DEBBF5FF48310F548429E918A7240D7799944CBA0
                                Function 077D0BC0 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 534 77d0bc0-77d0bc2 535 77d0bcb-77d0bcc 534->535 536 77d0bc4-77d0bc6 534->536 537 77d0bcd-77d0c13 535->537 536->537 538 77d0bc8-77d0bc9 536->538 540 77d0c15-77d0c21 537->540 541 77d0c23-77d0c53 Wow64SetThreadContext 537->541 538->535 540->541 543 77d0c5c-77d0c8c 541->543 544 77d0c55-77d0c5b 541->544 544->543
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077D0C46
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: cc1522a08c16bcd04eef4c54b35291877d754f249d4b5b552d577ea238b6350b
                                • Instruction ID: df684faedd0a73361debfb13858a2bcc76266696304fd81db7ca75621b1faf6f
                                • Opcode Fuzzy Hash: cc1522a08c16bcd04eef4c54b35291877d754f249d4b5b552d577ea238b6350b
                                • Instruction Fuzzy Hash: 462179B5D043098FDB10DFAAC484BEEBBF4EF49314F14842AD519A7240D778A945CFA4
                                Function 077D1280 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 548 77d1280-77d1282 549 77d128b-77d128c 548->549 550 77d1284-77d1286 548->550 551 77d128d-77d1315 ReadProcessMemory 549->551 550->551 552 77d1288-77d1289 550->552 555 77d131e-77d134e 551->555 556 77d1317-77d131d 551->556 552->549 556->555
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077D1308
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: e5bbab7af0ba91ae9ce13b7791a701039865498f4d52ef3893e80477ca8e6d01
                                • Instruction ID: 66af89c00d0426f7b1c2192257f296dab0312724518a2b9820f7526936a34315
                                • Opcode Fuzzy Hash: e5bbab7af0ba91ae9ce13b7791a701039865498f4d52ef3893e80477ca8e6d01
                                • Instruction Fuzzy Hash: 0D2127B190034D9FDB10CFAAC880BEEBBF5FF48310F55842AE519A7640D779A9458BA0
                                Function 077D0BC8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 560 77d0bc8-77d0c13 564 77d0c15-77d0c21 560->564 565 77d0c23-77d0c53 Wow64SetThreadContext 560->565 564->565 567 77d0c5c-77d0c8c 565->567 568 77d0c55-77d0c5b 565->568 568->567
                                APIs
                                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077D0C46
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: ContextThreadWow64
                                • String ID:
                                • API String ID: 983334009-0
                                • Opcode ID: a99b81a22977538e017bf58e2aea2580737de7525450e828feaefc3558b3e656
                                • Instruction ID: 858349711ff04bf3d26982748bf752e53cf5750d71e5b2e8635b5619ba25a168
                                • Opcode Fuzzy Hash: a99b81a22977538e017bf58e2aea2580737de7525450e828feaefc3558b3e656
                                • Instruction Fuzzy Hash: 3F2147B1D003098FDB10DFAAC4857EEBBF4EF48310F14842AD559A7240C778A944CFA0
                                Function 077D1288 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 572 77d1288-77d1315 ReadProcessMemory 577 77d131e-77d134e 572->577 578 77d1317-77d131d 572->578 578->577
                                APIs
                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077D1308
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: MemoryProcessRead
                                • String ID:
                                • API String ID: 1726664587-0
                                • Opcode ID: 8a0aaf3f73e575e26d5a6c9255af162639975a87676c01bf9f981692e7bddc0a
                                • Instruction ID: ac5d83190e398f258d7741a6263667f0c7720837b651a52c4e9df9dc956570f2
                                • Opcode Fuzzy Hash: 8a0aaf3f73e575e26d5a6c9255af162639975a87676c01bf9f981692e7bddc0a
                                • Instruction Fuzzy Hash: A12125B19003499FDB10CFAAC884BEEFBF5FF48310F54842AE918A7240C7799944CBA0
                                Function 0336D650 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0336D6D7
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 7fff9975074caa2d7025c47bb0fde9d8753f73b7b44ad45718156648adba1b9d
                                • Instruction ID: 985cc3b971553a6b54365d2ba6e2cc6a0ee16045d198a8dda61224dff126dc9a
                                • Opcode Fuzzy Hash: 7fff9975074caa2d7025c47bb0fde9d8753f73b7b44ad45718156648adba1b9d
                                • Instruction Fuzzy Hash: 3421D3B5900249DFDB10CFAAD984ADEFBF8FB48310F14841AE918A7350D379A954CFA5
                                Function 0336D648 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                Download Yara Rule
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0336D6D7
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: c9ee2ec4639ea4c1e47a40baa7a7847268e9d989e3576ff8ee28dcc0fd01cf3a
                                • Instruction ID: 988dfc9960b45b0d0ae0b1ef8c3601a498b03a34a5b05941c956ac960af84267
                                • Opcode Fuzzy Hash: c9ee2ec4639ea4c1e47a40baa7a7847268e9d989e3576ff8ee28dcc0fd01cf3a
                                • Instruction Fuzzy Hash: 6121E2B5900249DFDB10CFAAE984ADEFBF4EB48314F14842AE918A7350C378A954CF64
                                Function 077D10D1 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077D1146
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: b8f09b3bda8aa592299e7d055ff22a9cf0b6a4087fca675bf3fe8f39232d2f04
                                • Instruction ID: 547886a4d3058117de78ad2448e33d503ba5a24c1ee6389a7fdf92bd38f3c669
                                • Opcode Fuzzy Hash: b8f09b3bda8aa592299e7d055ff22a9cf0b6a4087fca675bf3fe8f39232d2f04
                                • Instruction Fuzzy Hash: 1E1129B69002499FDB10DFAAD844BDFBBF5EF49310F148829E519A7250C776A944CFA0
                                Function 077B4FDF Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 56a1ec9aae67f35931659b5261f4deba36371def10e1387f9901c7a5fb8bb352
                                • Instruction ID: 5ae65e7991e6ada3871cb2fd1c1abbb891e95d2e609b25075cca8f98cbbe5d1a
                                • Opcode Fuzzy Hash: 56a1ec9aae67f35931659b5261f4deba36371def10e1387f9901c7a5fb8bb352
                                • Instruction Fuzzy Hash: C5E18FB4E002198FDB64CFA8C880BDDBBF1EB89354F2495AAD918E7345D731A985CF50
                                Function 077D10D8 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077D1146
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 8f3ae084d356798299085eb6182d1bf91796b32a123c261679cb83e2aa659c53
                                • Instruction ID: 80d979c51465b75653f8601f766f56c755e30ade0e3000cffe58e64fd3a09b76
                                • Opcode Fuzzy Hash: 8f3ae084d356798299085eb6182d1bf91796b32a123c261679cb83e2aa659c53
                                • Instruction Fuzzy Hash: F21137B69003499FDB10DFAAC844BDEBBF5EF48310F148829E519A7250C77AA944CFA0
                                Function 077D0B10 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: d20ac74109ddd8c4ba8d12b64ddb9bd4e8f4200b0beb069eed14931ee355ca3c
                                • Instruction ID: c64bb40dbadde65dbfb34d5802d953469d157f518b3c62e68f4db288a5d81804
                                • Opcode Fuzzy Hash: d20ac74109ddd8c4ba8d12b64ddb9bd4e8f4200b0beb069eed14931ee355ca3c
                                • Instruction Fuzzy Hash: FF1188B5D043498FDB10CFAAC8447EEFBF4EB89224F248429C459A7240C779A940CFA4
                                Function 077D0B18 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                Download Yara Rule
                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: ResumeThread
                                • String ID:
                                • API String ID: 947044025-0
                                • Opcode ID: ca3376425008bc3bda4d3a4ab3d2ff644e84dd41ccf3f001787622ec99e03d14
                                • Instruction ID: 560cad5a2fa396d1773d78e9e0eeb08c1e55f9aa589f49699718224c14995bf0
                                • Opcode Fuzzy Hash: ca3376425008bc3bda4d3a4ab3d2ff644e84dd41ccf3f001787622ec99e03d14
                                • Instruction Fuzzy Hash: 5E116AB1D043098FDB10DFAAC8447EEFBF4EF88214F148429C459A7240C779A944CB94
                                Function 0336AF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 0336AFBE
                                Memory Dump Source
                                • Source File: 00000008.00000002.1457543230.0000000003360000.00000040.00000800.00020000.00000000.sdmp, Offset: 03360000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_3360000_remcos.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: e99f1e420f18aeac2bd490856e5aaa48db60d48cdf4f06466c1bbd80f609e9bc
                                • Instruction ID: 9b6e0d41133dff68f82defb26630653b76ef800c773c390ecd72d50621c44edd
                                • Opcode Fuzzy Hash: e99f1e420f18aeac2bd490856e5aaa48db60d48cdf4f06466c1bbd80f609e9bc
                                • Instruction Fuzzy Hash: 291110B5C002498FDB10CF9AC844BDEFBF8AF88314F14852AD819B7604C3B9A545CFA1
                                Function 077D4CF9 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 077D4D5D
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 3306b2d15e089dac1cee540a3e9712b3f78ed204c032dfbdab4f480ada1f0f95
                                • Instruction ID: b2a651bd8493fd8e54aa095cfa8abc2d8a2ee6b3fb542a2d72533054aa5c9450
                                • Opcode Fuzzy Hash: 3306b2d15e089dac1cee540a3e9712b3f78ed204c032dfbdab4f480ada1f0f95
                                • Instruction Fuzzy Hash: 0E11F2B58003499FDB20CF9AC949BDEFBF8FB49314F14881AD958A7640D379A954CFA0
                                Function 077D4D00 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 077D4D5D
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464578664.00000000077D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077D0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77d0000_remcos.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: c4c26a404a15078a65d4e1f91b37b2c02495e83c3701cedfa457509e68f4f884
                                • Instruction ID: 580e4da12803b035b8857090f2f0160bd214aa155f3a09de5d661319b8341c7a
                                • Opcode Fuzzy Hash: c4c26a404a15078a65d4e1f91b37b2c02495e83c3701cedfa457509e68f4f884
                                • Instruction Fuzzy Hash: 8211D3B58003499FDB10DF9AD845BDEFBF8EB48310F10841AD958A7650C375A944CFA5
                                Function 077B7EF9 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: ;
                                • API String ID: 0-1661535913
                                • Opcode ID: ac64788d640f5895a734d8b49ae5254db1a1802dc59c8b431ea59d72ac4c86dc
                                • Instruction ID: 6d1cfdec63165f4684cb06512a64ec3fcce158cd8562560c9c9cffcb114147f2
                                • Opcode Fuzzy Hash: ac64788d640f5895a734d8b49ae5254db1a1802dc59c8b431ea59d72ac4c86dc
                                • Instruction Fuzzy Hash: F50181B5E1530ADFDB29DFA5D4467EEF7B4FB85340F10496AD80593240EB30AA42CB94
                                Function 077B7450 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: m
                                • API String ID: 0-3775001192
                                • Opcode ID: c8c114ea0664a15d2040f2088b7b1e12dceae469f068e57c867e90808fe984da
                                • Instruction ID: db7ce9cd259e6955ad0571f7ccd00aa99bac05e76c8dcb5c7efc8ab3391cf4d2
                                • Opcode Fuzzy Hash: c8c114ea0664a15d2040f2088b7b1e12dceae469f068e57c867e90808fe984da
                                • Instruction Fuzzy Hash: 2EE0C2B0D06208DBCB2CEFB4D4047EDBBB89746242F00099AC40593240E7305A44DAE1
                                Function 077B3348 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: 6
                                • API String ID: 0-498629140
                                • Opcode ID: cc3331172f9864581ebb9fccc6f1ef1fa21edda8e82e44fc9788f6c249364010
                                • Instruction ID: dde1c039ff801ae59ea8e8bcb57ddc8e28c4e0c5d126db1a31ab35b0b846bb70
                                • Opcode Fuzzy Hash: cc3331172f9864581ebb9fccc6f1ef1fa21edda8e82e44fc9788f6c249364010
                                • Instruction Fuzzy Hash: F5E08CB0805308EBDB28DFA4D409BAEBBB8E70A242F104999D40593240EB315A88D741
                                Function 077B4038 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: 7
                                • API String ID: 0-1790921346
                                • Opcode ID: 0a750640dc1fb047430c976e0bb2199053af3273bc1824fb2ff1f4023f1b7540
                                • Instruction ID: c6af25067d75e0cacfc05dd8a2fa0fcc9d50704269c9fb8d98d19957ced4904c
                                • Opcode Fuzzy Hash: 0a750640dc1fb047430c976e0bb2199053af3273bc1824fb2ff1f4023f1b7540
                                • Instruction Fuzzy Hash: AAE0C2B090624CEBCB24EFF4E4057EDB7B8AB06240F4005D8C40693241E7301A44C641
                                Function 077B2C38 Relevance: .4, Instructions: 433COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7bd7fda9a2750cd5bbdf1964fe8a2475042532de77569583cde3dc45f8b9812
                                • Instruction ID: 27550e28987b80887b405a2d5ef85cf6386f6e7bfa6e6601d238d2ea6bc057f7
                                • Opcode Fuzzy Hash: a7bd7fda9a2750cd5bbdf1964fe8a2475042532de77569583cde3dc45f8b9812
                                • Instruction Fuzzy Hash: 54E1AEB1B102168FCB29DF79D8587AEBBE6FF89240B144869E406DB361DF30DC418B90
                                Function 077B3D9E Relevance: .2, Instructions: 233COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 70a8485c4a278dbba1b10828865520ca0f6f29b493574d231a35fe099b54b121
                                • Instruction ID: fd1cfab3ce2747788e364b6ee2149aeb7efb620ee4493f03f00d228816f287bd
                                • Opcode Fuzzy Hash: 70a8485c4a278dbba1b10828865520ca0f6f29b493574d231a35fe099b54b121
                                • Instruction Fuzzy Hash: F691D3B4E042199FDB54DFA9C880AEDBBF6EF89350F10856AD819E7344E735A942CF40
                                Function 077B6D37 Relevance: .2, Instructions: 193COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e94596b73321b6b53e4d57c4fdd2e355629dd9abdae991a05240620a60f39680
                                • Instruction ID: 450965684ade7886c4b69ac9b26e243c9f583be1eb15ac4217e37bf15dcc3c00
                                • Opcode Fuzzy Hash: e94596b73321b6b53e4d57c4fdd2e355629dd9abdae991a05240620a60f39680
                                • Instruction Fuzzy Hash: D98170B5E042198FDF11CFA8C880AEEBBB5EB49254F1084A9E919EB211D731A956CF40
                                Function 077B80EA Relevance: .2, Instructions: 166COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b17c98f021ce556f0e52f920d00109d7f24a24c3b86fe7317d38e1726bd2582
                                • Instruction ID: 5aef5197c972b457aff2ebb42d24cd35328ad4e63e4d51b3d86ae923183293dd
                                • Opcode Fuzzy Hash: 4b17c98f021ce556f0e52f920d00109d7f24a24c3b86fe7317d38e1726bd2582
                                • Instruction Fuzzy Hash: BB619EB4E052198FCB20DFA8C980AEDFBF5BB49350F249959D809E7305D734A981CF91
                                Function 077B4894 Relevance: .2, Instructions: 158COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 216475d28b9e8835f155076344d670d5b636f1c241d668825dc62bfa3e6b71e9
                                • Instruction ID: 12c60ccab465306c1e664cfb01643875a504589d63b0756f78f7c293cb6f9459
                                • Opcode Fuzzy Hash: 216475d28b9e8835f155076344d670d5b636f1c241d668825dc62bfa3e6b71e9
                                • Instruction Fuzzy Hash: 5051CF70B003169FDB15DB799888AAEBBF7EFC4260B188529E419DB351DB309D0587A1
                                Function 077BAE30 Relevance: .1, Instructions: 134COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7088e335ba5cb7a651fbd132c35b4bf8f5f61a791a8e04a2d84a43fe5779004f
                                • Instruction ID: 880f0d3e887eb46f578ff8d45ff285d2e6b5fe5ebd137d9b4f0a0048f16df262
                                • Opcode Fuzzy Hash: 7088e335ba5cb7a651fbd132c35b4bf8f5f61a791a8e04a2d84a43fe5779004f
                                • Instruction Fuzzy Hash: 7951D6B4D14218CFDB18DFA6C884BEEBBB6BF89340F10D02AD419AB255DB749805CB50
                                Function 077BC6D8 Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 81df81399c5adae648115a82151c5c0e7445d754d4e8c6e49f08d13bc639ba08
                                • Instruction ID: 197c5f83cce19222b88243cfee12c97e4c46936dc3dc1a6eb22efe5d33980a79
                                • Opcode Fuzzy Hash: 81df81399c5adae648115a82151c5c0e7445d754d4e8c6e49f08d13bc639ba08
                                • Instruction Fuzzy Hash: B851E4B4918209CFDB19CFA9C5846EDFBBABB8E341F14D569D409A7202D734A941CFA0
                                Function 077B86E0 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fb1178dc29ba977be16d351faed0f0b262d4b5e1ba9cbe13d5cc36bf8036df28
                                • Instruction ID: d4ebea111e9b2480e839261899b5735c527ebe652500a4218d0cce36a3641ce9
                                • Opcode Fuzzy Hash: fb1178dc29ba977be16d351faed0f0b262d4b5e1ba9cbe13d5cc36bf8036df28
                                • Instruction Fuzzy Hash: 2E4126B8E00209DFCB54DFA8D880BEEB7F6EB89254F148969D815E7340DB35AD41CB91
                                Function 077B86CF Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6c3f20999ccffcc4ff15975d6159b811d77beb4de6989604890bebfe816bd452
                                • Instruction ID: 7dfa1116c3d6777856cce5ac750f359b6d935b51191961d2248fdcc30ffc39b8
                                • Opcode Fuzzy Hash: 6c3f20999ccffcc4ff15975d6159b811d77beb4de6989604890bebfe816bd452
                                • Instruction Fuzzy Hash: 5C4148B4E002099FDB54DFA8D880BEEB7F5EB89214F148869D815E7340DB359D42CB91
                                Function 077B4428 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c862df33043856c5d0d6d391f82d7595c46e7ccafbebc39c6b44b2b696cb2914
                                • Instruction ID: 4c872b70a1d6828f87071f81f90e56eb1e7d92282919cba91a6b8e2088f960f1
                                • Opcode Fuzzy Hash: c862df33043856c5d0d6d391f82d7595c46e7ccafbebc39c6b44b2b696cb2914
                                • Instruction Fuzzy Hash: 3641E7B5E002499FCB18DFA8D494AEDBBF2FF89310F108469E919A7345DB35AD42CB50
                                Function 077B2FB0 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 985bdf6cbf656e44a1c7f3f25184fc736de9322a90fd8d0eaf0d9825ecd6c438
                                • Instruction ID: 73c6eb256b3f713705da513751c08d7f16107197ae41031603fe6c06a5439558
                                • Opcode Fuzzy Hash: 985bdf6cbf656e44a1c7f3f25184fc736de9322a90fd8d0eaf0d9825ecd6c438
                                • Instruction Fuzzy Hash: D041C5B4E1020A9FDB59DFB9D8556EEBBF5EF49241F108825E806E3250EB30E941CB50
                                Function 077BAE20 Relevance: .1, Instructions: 105COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 37002c08453881c8ecc06f480b2b7057c52f9185803e35646ed9bf83979e6dd1
                                • Instruction ID: 8595ad3796c551e86a9f80c7cfc72a8c4b8c2280f5cc4658b7ea47160468425a
                                • Opcode Fuzzy Hash: 37002c08453881c8ecc06f480b2b7057c52f9185803e35646ed9bf83979e6dd1
                                • Instruction Fuzzy Hash: B141FAB4D18218CFDB18DFE6C8457EEBBB6BF89340F10D02AD419AB258DB745945CB50
                                Function 077B592C Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f9feacf545e5c1879137a2629dfcc48c8c5a6717f19105a7921cef832bdf8a88
                                • Instruction ID: 0939eba32d9bff11dfa4fc82f3f2355160a8648cc6a5b4e5af892a185c6d27b5
                                • Opcode Fuzzy Hash: f9feacf545e5c1879137a2629dfcc48c8c5a6717f19105a7921cef832bdf8a88
                                • Instruction Fuzzy Hash: E0316AB1904209EFDB14CFA9D845BDEBFF9EF88360F10846AE904A7210D735A944CFA1
                                Function 077B4417 Relevance: .1, Instructions: 100COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6ea26f9ad6de971b1738d959f8b045e93ef239f84d0dad1813faad68ee753368
                                • Instruction ID: 2eef42045fe932eefa5545ae244087106e8b7483e22fb31c5b2f1b7ec9511df3
                                • Opcode Fuzzy Hash: 6ea26f9ad6de971b1738d959f8b045e93ef239f84d0dad1813faad68ee753368
                                • Instruction Fuzzy Hash: 944106B5E002099FCB19DFA8D8947EEBBB2FF89310F148469E815A7344DB35AD42CB50
                                Function 077B5AB0 Relevance: .1, Instructions: 76COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c34442a99b320b3c90a2dad001122145f27a6e4d23fe0b46abfa4faf4ef80f8e
                                • Instruction ID: 2213d4eb7545903ee88a348221ef9ca90fd08f5b1eb05966a2c5ac66b630f56e
                                • Opcode Fuzzy Hash: c34442a99b320b3c90a2dad001122145f27a6e4d23fe0b46abfa4faf4ef80f8e
                                • Instruction Fuzzy Hash: 4C2135B5A043118FEB16EF7898507EFBBB7EFC5160B05446AC454CB241EF30890AC3A1
                                Function 017BD3D8 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456804050.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_17bd000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aa8ab757c3f4f52974c98a2b35bdb5092fa545f02cd47572839c3730b4340b6c
                                • Instruction ID: 8322f38c48f362a6873aa27de447182b5ee8cb7ea8dbb862def77987c34be310
                                • Opcode Fuzzy Hash: aa8ab757c3f4f52974c98a2b35bdb5092fa545f02cd47572839c3730b4340b6c
                                • Instruction Fuzzy Hash: 1D2136B1500204DFDB25DF84C9C0B96FB65FB84318F24C5A9EC094B246C33AE446CAA2
                                Function 077B4ED8 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 847bec7555212fa17a5a47b8ed87d0bd0282fb122a93d2d7b8524e89233ab12d
                                • Instruction ID: ae5dfae7b6fbeb5be1c561951be6e493f953ca6c28437793eb0f7ff49485588b
                                • Opcode Fuzzy Hash: 847bec7555212fa17a5a47b8ed87d0bd0282fb122a93d2d7b8524e89233ab12d
                                • Instruction Fuzzy Hash: 61314CB4E1125ADFDF54DFA9D5856EEBBF4AB09240F14846AE814F3341E734AA40CF60
                                Function 0181D1D4 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456989053.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_181d000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6a11528591c646c4ba665082b47360dc8b63b76a56bff016a5e05f3ba021d408
                                • Instruction ID: 2c177c6747c66c15ddfe63b254409b28c80a5a88767153a03ce1957bb21dc0b8
                                • Opcode Fuzzy Hash: 6a11528591c646c4ba665082b47360dc8b63b76a56bff016a5e05f3ba021d408
                                • Instruction Fuzzy Hash: 41213772504344DFDB01DF94D5C4B65BBA9FB84328F24C76DD8098B28AC336E506CA61
                                Function 0181D01C Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456989053.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_181d000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 193bfdd6a071b21fa7059781eb028732956d6baddba4ff8ab49bd34ecdf20d0a
                                • Instruction ID: 13283dc795a2bc63a2b9e4ad03a5c8f4da3d5ac78dc56105790b9ffd68c848dd
                                • Opcode Fuzzy Hash: 193bfdd6a071b21fa7059781eb028732956d6baddba4ff8ab49bd34ecdf20d0a
                                • Instruction Fuzzy Hash: 91213776504344DFDB15DF54D8C8B16BB69FB84314F24C66DD80A8B28AC33BD547CA62
                                Function 077B5C94 Relevance: .1, Instructions: 69COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5585df8fd4e397940f825656790b283eb9e09a90396621511eb216d837767837
                                • Instruction ID: f80148c47b31923adeb1b2b3801d166ddf16c4a3f28b38b539472b48a98fe9f2
                                • Opcode Fuzzy Hash: 5585df8fd4e397940f825656790b283eb9e09a90396621511eb216d837767837
                                • Instruction Fuzzy Hash: D931E0B0C01218EFDB20DF9AC989BCEBFF4AB08314F64856AE414BB240C7B55855CFA1
                                Function 077B5748 Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d884fda44a2f08cee72aa4fa0f6f6f5691be9edfc41a582f79bc5d05e9b76be2
                                • Instruction ID: 1dcfbcfc0714c80362e2d060878ef289f2c4851e55a92ae63c9dbefc11350249
                                • Opcode Fuzzy Hash: d884fda44a2f08cee72aa4fa0f6f6f5691be9edfc41a582f79bc5d05e9b76be2
                                • Instruction Fuzzy Hash: D531EEB0D00318DFDB20DF9AC588BCEBBF4AB08314F64856AE418BB240C3B55855CFA5
                                Function 077B4EC9 Relevance: .1, Instructions: 64COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7e5783456ed34f3a7ecc05d1cb83a05cb3c29983f3d329b5c359242e29a8fed4
                                • Instruction ID: 18f8a17b57ddc1cb8113b8436dac8a67620c5f8971e0607a25f1b0512c0549f1
                                • Opcode Fuzzy Hash: 7e5783456ed34f3a7ecc05d1cb83a05cb3c29983f3d329b5c359242e29a8fed4
                                • Instruction Fuzzy Hash: ED2152B4E1025ADFDB54CFA9C5457EEFBF0AB08240F14846AD814F3241E734AA40CF61
                                Function 077B6FA0 Relevance: .1, Instructions: 62COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c3fa072f9c74d0b21fda64365fda27f63c6fc850b4c18c849eb001e33f60796
                                • Instruction ID: d531f02da77ac92698f36e9d78c5364ca5957baecfb9da0d74324d3eff55207e
                                • Opcode Fuzzy Hash: 4c3fa072f9c74d0b21fda64365fda27f63c6fc850b4c18c849eb001e33f60796
                                • Instruction Fuzzy Hash: 4E11E071A09308EFDB15CBB4CC197AE7BF9EF45200F2448E6E804C7202EA359D058721
                                Function 077BF920 Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1d298f2e3baa6c8053d9a48d9ea64bdb414ddaf399755da3d0392b1d0eb94815
                                • Instruction ID: 5a172b221a80d58d39957a20d7c067c9a9542ab16b082bba9c993b55fa01dc3d
                                • Opcode Fuzzy Hash: 1d298f2e3baa6c8053d9a48d9ea64bdb414ddaf399755da3d0392b1d0eb94815
                                • Instruction Fuzzy Hash: 8A11A3B1B10205ABDB38AA799C447FFB6AAFBC4A90F048529E816D7340EB30CD4187D1
                                Function 077BBCC9 Relevance: .1, Instructions: 59COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 154520c5420aa3846e1d903de52064f692c626adf3e187010941e410f5c79506
                                • Instruction ID: c06129f606640bf5976093b6ee6d9e5f3d7e66ba4d718f3b7d215ea5b93d28aa
                                • Opcode Fuzzy Hash: 154520c5420aa3846e1d903de52064f692c626adf3e187010941e410f5c79506
                                • Instruction Fuzzy Hash: 3B21D6B1D106188BEB18CFABC9457DEFEF7AFC9304F04C06AD41966264DB7419458F90
                                Function 077B5608 Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 99f528ea8e94250b6dbf525fbb9130a898fc6d4ae4752a25dbcea78005600838
                                • Instruction ID: f33970ade5d9f972f13266a28a71b1210dbd5259fae94a3067b3b1862e9b4322
                                • Opcode Fuzzy Hash: 99f528ea8e94250b6dbf525fbb9130a898fc6d4ae4752a25dbcea78005600838
                                • Instruction Fuzzy Hash: A6115EB1B0021A8BDB14EBB998016EEB7F6AF88754F104079C505EB340EF318E15CBE1
                                Function 077B593C Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 997d7d3ddc15d73d206cf29e185793effb21ab469d4b08e426ec8d8e37ef0958
                                • Instruction ID: ac67e9b5aa59f0ffa88eba9d1d54e85d251533c2cfcf67d5882dc5078d5bac9c
                                • Opcode Fuzzy Hash: 997d7d3ddc15d73d206cf29e185793effb21ab469d4b08e426ec8d8e37ef0958
                                • Instruction Fuzzy Hash: BB21D3B590434D9FCB20CF9AD884BDEBBF4FB88350F10846AE919A7210D375A954CFA5
                                Function 017BD3D3 Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456804050.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_17bd000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                • Instruction ID: 19c59a15a57ddedd46c0cff3de37e8dc34c1d531167915dcd785d9a8211424e1
                                • Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                • Instruction Fuzzy Hash: C911CD72404240CFCB12CF44D5C4B96BF62FB84328F2486A9DC090A656C33AE45ACBA2
                                Function 077BBCD8 Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aaa57d0f6c5553ceba79b7d5f6a3d873f3aacd0fab7426f7f5ac3b9761ab8c75
                                • Instruction ID: d63fad163750f2c766c1575a986f9e61679ad2ea98b3cb438557ca4a9fde287e
                                • Opcode Fuzzy Hash: aaa57d0f6c5553ceba79b7d5f6a3d873f3aacd0fab7426f7f5ac3b9761ab8c75
                                • Instruction Fuzzy Hash: 1011B2B1D106188BEB28CFABC9457DEFEF7AFC9300F04C06AD41966264DB7419458FA0
                                Function 0181D017 Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456989053.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_181d000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction ID: 587e8e8c86e0f3419f620f67050690ab83c284c7c11072d10f941ba8a9a4eb3f
                                • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction Fuzzy Hash: CB11BE76504280CFCB12CF54D5C4B15BB61FB44314F24C6AAD8098B69AC33AD54ACB62
                                Function 0181D1CF Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456989053.000000000181D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0181D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_181d000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction ID: e350de3db6b68f207838a91b15b0d7ff1df01678997939f83908051706350f1e
                                • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction Fuzzy Hash: 5C11BE76504280DFCB02CF54C5C4B55BBA1FB84324F24C6A9D8498B696C33AE44ACB51
                                Function 077BAEA0 Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 228711f6c58ace15b1832b23147a41ebb7d1cbf75b6797a82092f9cc4a6f02eb
                                • Instruction ID: e3d8e8fe16e0380a386a4d2495c1172301e7649e543befc5fda0a62cbfde7c6b
                                • Opcode Fuzzy Hash: 228711f6c58ace15b1832b23147a41ebb7d1cbf75b6797a82092f9cc4a6f02eb
                                • Instruction Fuzzy Hash: CD11B275E002098FCF08CFE8C8809ADBBB2FF49314F20816AD919AB265D631695ADB50
                                Function 077BE410 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a14cc2b0b1c6a115a1ee379c81fc4ab5d5318adba8824aae064b85b10ea14ddc
                                • Instruction ID: 67c3d3cfd4f18ab4a944e043a9abe062879ca4a7170c1f0df7f29d54b41e9194
                                • Opcode Fuzzy Hash: a14cc2b0b1c6a115a1ee379c81fc4ab5d5318adba8824aae064b85b10ea14ddc
                                • Instruction Fuzzy Hash: 3C01F5B0925249CFD710DBA5D4497EC7BBEFB89384F00A52991159B349DFB05805CF82
                                Function 017BD759 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456804050.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_17bd000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 06267b832f219f3acd8ea524f7aaf40dad40c44e6906384b9b846ae1f973a23f
                                • Instruction ID: 05ba480de17cee8ddd8d4b8ae32299af5e6b26e40070b202e714dd3c37f9c3c5
                                • Opcode Fuzzy Hash: 06267b832f219f3acd8ea524f7aaf40dad40c44e6906384b9b846ae1f973a23f
                                • Instruction Fuzzy Hash: 8B01DB711043809FF7304AA6CDC4BE6FFD8DF41328F18C45AED094A286C7799840CAB2
                                Function 077BCAF0 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: de052bcc74fd04ee946737e1109d068633925730467aa58c2f05a80dbb90a66f
                                • Instruction ID: af26faf927895445595ce92de18827dc68b6aa6dd2c7fc4d352fd422d7e2bc33
                                • Opcode Fuzzy Hash: de052bcc74fd04ee946737e1109d068633925730467aa58c2f05a80dbb90a66f
                                • Instruction Fuzzy Hash: 5D01E874A18208DFDB09DBA9C589FAEFBF6EB4A300F15C094E5099B351DB30AE40DB50
                                Function 077B85C0 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2212deee5eebbad587ea4facdb38f0123277354a933d517943e147d39bf96668
                                • Instruction ID: d035c7824a20281773f893133b314a99d77c7a127fcb6e9b9bd0535bb9c03589
                                • Opcode Fuzzy Hash: 2212deee5eebbad587ea4facdb38f0123277354a933d517943e147d39bf96668
                                • Instruction Fuzzy Hash: 1501E8B4E152099FCB44DFA9C9407AEFBF9FB49344F1095AA9819E3341EB319A01CB91
                                Function 077B85B3 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d61fc7ac3b97e67fa79f189857bae0be477c0718d992fed90116dbf90671986f
                                • Instruction ID: 340665e66de3c89f8039cc2d016c8a3669ea38dfb5c206a45ebe675157650640
                                • Opcode Fuzzy Hash: d61fc7ac3b97e67fa79f189857bae0be477c0718d992fed90116dbf90671986f
                                • Instruction Fuzzy Hash: 85014BB4E002099FCB44DFA9C9407AEFBF9EB49304F1084AAD818E3341EB359E01CB91
                                Function 077B6055 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 218486f9964c34e7e57d5e869cb31e41681f4016b25a4399273e32f0fd28a74f
                                • Instruction ID: 85868c8fb80c7b277799a05d6e881029cd207159df5b6ee01e8cbc11a6baa7f1
                                • Opcode Fuzzy Hash: 218486f9964c34e7e57d5e869cb31e41681f4016b25a4399273e32f0fd28a74f
                                • Instruction Fuzzy Hash: 7A01DAB1800219DFDB24DF5AC408BEEBAB5FF49790F14C625E524EB290D7754A44CBD0
                                Function 077BCA78 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dd8facc4747e7153a51706bc7c6d4d3eb843d5b2ccbc2b6d9bf573b8bb1ee011
                                • Instruction ID: 8bb03740ed6e850b9589bd53c7b6b40dab17b00987c75041cccd0fe201ba1294
                                • Opcode Fuzzy Hash: dd8facc4747e7153a51706bc7c6d4d3eb843d5b2ccbc2b6d9bf573b8bb1ee011
                                • Instruction Fuzzy Hash: 02F04FB0918209DBC725CF56D941BFDFBB9AB4B340F04D9A5E4095B211DB709A40DBA0
                                Function 077BBE7E Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d9efdcabaee84a5a3a68a81a1420e52dc0fac772e562faa33e711ad254cdede3
                                • Instruction ID: dbb7f377056a8abf029a635eff931599b331cf7ba52d520a929200639b82daef
                                • Opcode Fuzzy Hash: d9efdcabaee84a5a3a68a81a1420e52dc0fac772e562faa33e711ad254cdede3
                                • Instruction Fuzzy Hash: 7301D3B4A18318CFCB25CFA4C984BE8BBB6FF4A301F1045A9D409AB261DB34AD45CF50
                                Function 077B60F0 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7e132aa30d89c4e843641818f35b17eaed5425578401fecacb71f782f3b5560
                                • Instruction ID: 07ba2e40fa98769d1b27db0b0f8c80db677dece40b7bf2de0c71f71c528ea856
                                • Opcode Fuzzy Hash: a7e132aa30d89c4e843641818f35b17eaed5425578401fecacb71f782f3b5560
                                • Instruction Fuzzy Hash: 80F05E727042246BD3089B6ADC84FABBBEDFBCD670B558069E908C7310DA319C01C2A0
                                Function 077B6C28 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ac4ee5f603df9cbda7ca27d0b6453621498415100e5e79ae637241bc9a337539
                                • Instruction ID: ac677fa680a86aa1b4614c0744d96db47f52c79c939510098b596ab0599144eb
                                • Opcode Fuzzy Hash: ac4ee5f603df9cbda7ca27d0b6453621498415100e5e79ae637241bc9a337539
                                • Instruction Fuzzy Hash: C301F6B4D1530A9FCB54DFA9C5057EEFBF5EB09300F1085699809E3340EB30AA00CB51
                                Function 077B6C18 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d64191453426a97e0ec8dff683baede06467a5578c6bbe4db54dab9c1f1a040d
                                • Instruction ID: 09b9670f3c61fd2a8e3a14b5743137a7a252605e6cd7d10e52c3e62e0f927de9
                                • Opcode Fuzzy Hash: d64191453426a97e0ec8dff683baede06467a5578c6bbe4db54dab9c1f1a040d
                                • Instruction Fuzzy Hash: CA0119B4D1530A9FDB58DFA9C9463AEFBF5EB48300F5085A9D805E3741EB31AA00CB61
                                Function 017BD758 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1456804050.00000000017BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017BD000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_17bd000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 40f805ae83ca8306cb13e24321b3d21837dde29df311a39e5c9d55aeae383e61
                                • Instruction ID: 02ad7affdadb5180a99a75dcb2820b4181718acaa108e596c991ca856310c499
                                • Opcode Fuzzy Hash: 40f805ae83ca8306cb13e24321b3d21837dde29df311a39e5c9d55aeae383e61
                                • Instruction Fuzzy Hash: F6F062715043849EE7218A5ADDC4BA2FFA8EF51735F18C45AED084A286C3799844CAB1
                                Function 077B43B0 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6e59a23eb3710514ecc52aec86dc7c7e74852b7aca080f7d7f3ce660fe385aa6
                                • Instruction ID: 3abb4485d2f9d480473079feda0d7443655095cf1240d71e173f16bdfee72162
                                • Opcode Fuzzy Hash: 6e59a23eb3710514ecc52aec86dc7c7e74852b7aca080f7d7f3ce660fe385aa6
                                • Instruction Fuzzy Hash: C2F017B4E4120A9FDB04DFA9C9457EEBBF4BB49340F1085AAD814E3301EB309A15CB91
                                Function 077B32D0 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7b72170d100387c05dca2eaced70bf1119b5e2e2455b350abf86e2946561fb18
                                • Instruction ID: f18ff2a8ddd16249fecd9dbf9c69a594da1c15101e70b3892a7ab17ec1d4376d
                                • Opcode Fuzzy Hash: 7b72170d100387c05dca2eaced70bf1119b5e2e2455b350abf86e2946561fb18
                                • Instruction Fuzzy Hash: 3CF0FFB4E052099FDB55DFA8C4457AEF7F4EB4A344F109999C814E3340DB759A45CB40
                                Function 077B6060 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5453ffff5602ef2affb7344d9561f2b6b3f0ff452191c6ba488c71f74fed89e4
                                • Instruction ID: 502414dd45b3d385fde36a21ea1a13188446b7ede85c49e6367538c76703988d
                                • Opcode Fuzzy Hash: 5453ffff5602ef2affb7344d9561f2b6b3f0ff452191c6ba488c71f74fed89e4
                                • Instruction Fuzzy Hash: 6A01E8B1800219DFDB24CF6AC408BEEBAF1FF483A0F108625E524EB290D7754A44CBD0
                                Function 077B7F41 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 65c1c11db6210f9aa8d695c86ea5e1912c2351caedfe9065f5b5241a74e572d8
                                • Instruction ID: 41e76ac656c9b8625ef32e0657a438132f3f3093e1bfcaf99caf68df554e5f26
                                • Opcode Fuzzy Hash: 65c1c11db6210f9aa8d695c86ea5e1912c2351caedfe9065f5b5241a74e572d8
                                • Instruction Fuzzy Hash: E7F0F9B4E05209DFDB19DFE9D9057AEFBF4BB49340F10896A9815E3210EB70AA01DB94
                                Function 077B43C0 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 81b0834c13129fbff85592b6b76a6b90c6cfde4769b3d92c9e9b9b072a571dca
                                • Instruction ID: 93d693a67affe11f6a1d324acb7b31570c6486cf0dd07e499937ea6416496416
                                • Opcode Fuzzy Hash: 81b0834c13129fbff85592b6b76a6b90c6cfde4769b3d92c9e9b9b072a571dca
                                • Instruction Fuzzy Hash: 64F0E2B8D0520ADFCB14DFA9D9456EEBBF4BB49340F1085AAD818E3301EB309A11CB91
                                Function 077B7049 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d31feb9fe27f802690cf191a4831d156814ab0d82fc440c5a1d72b4ed70485ad
                                • Instruction ID: 23971db31042ea06200713ad2baaf7eff2e0ab659b82a656ba33275f18216324
                                • Opcode Fuzzy Hash: d31feb9fe27f802690cf191a4831d156814ab0d82fc440c5a1d72b4ed70485ad
                                • Instruction Fuzzy Hash: AEF0FE72604108EFDB58DF69D846BDA7BA9EB48260F10806AE904D7214E631A9508794
                                Function 077B7F50 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6680c41917d8bf6f4595988861a0e61c96148a399541e1fa517c067c1889348f
                                • Instruction ID: 9918b96b7a0ac5fcc6a8a6ff2dc6edfdffb2062be14a6baa990d71702e08355c
                                • Opcode Fuzzy Hash: 6680c41917d8bf6f4595988861a0e61c96148a399541e1fa517c067c1889348f
                                • Instruction Fuzzy Hash: 0AF0FFB4D05209DFDB18DFA9C5016EEFBF4BB49340F10856A9814E3300E730AA01CF95
                                Function 077B6100 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9105e7b65005338e195fa5f5678c751a1b175c9567ffc12c380a5fa6d0e2ec0d
                                • Instruction ID: de3fe2e2da80bc59d23d2cea4c7a5a0474f16c505b30b9a81613cb7219c21e6c
                                • Opcode Fuzzy Hash: 9105e7b65005338e195fa5f5678c751a1b175c9567ffc12c380a5fa6d0e2ec0d
                                • Instruction Fuzzy Hash: 49E06D727042286F9304DAAEDC84E6BBBEEFBCC670311807AF908C7314DA319C00C6A0
                                Function 077B8558 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 83d191dc7fe83c7a794f7b4835a924f830714873e8e462c71661b4b15b2f4b07
                                • Instruction ID: 9842c409e36552355f3430bc9e89c3f4124d388107adf51651af3491287d09ef
                                • Opcode Fuzzy Hash: 83d191dc7fe83c7a794f7b4835a924f830714873e8e462c71661b4b15b2f4b07
                                • Instruction Fuzzy Hash: 93F0B7B4E14209DFCB54DFA9D4856EDFBF8EF49200F0089AAD418E3200E77056408B81
                                Function 077B3D30 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7df512e6dcb7778903e95e7d2070a09e69ebde5c8eb2aa3591f47429bb099cdb
                                • Instruction ID: c58664f741283de5660993e8822d44d805d18c40ec70d3a22244c89c2efd3892
                                • Opcode Fuzzy Hash: 7df512e6dcb7778903e95e7d2070a09e69ebde5c8eb2aa3591f47429bb099cdb
                                • Instruction Fuzzy Hash: 69F0B2B8D14209EFDB54DFB9C5466EDFBF8EB09240F4099AAD828E3310E7705A908B40
                                Function 077B3D21 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 78bfb0d3b548ceaddef7ac9e66e488a6435c88950bcb0cb0852b38d3fdc903dc
                                • Instruction ID: 6bda57f415e0e3012135602be77463a2769ca2166f80d6ec630d4ca92d9104a2
                                • Opcode Fuzzy Hash: 78bfb0d3b548ceaddef7ac9e66e488a6435c88950bcb0cb0852b38d3fdc903dc
                                • Instruction Fuzzy Hash: 35F017B4E14208EFDB55DFA9C4427ADFBF4EB09240F8089AAD818E3210E77056508B40
                                Function 077B854B Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2e7a35d4455ec7e5c213b0befcd29830fa25d599b322677da6cbfe1d389869a7
                                • Instruction ID: 7272f415959ce8a3edcaf0816b5d48e5b2b4083f1af5ac8a5fc02224ae920054
                                • Opcode Fuzzy Hash: 2e7a35d4455ec7e5c213b0befcd29830fa25d599b322677da6cbfe1d389869a7
                                • Instruction Fuzzy Hash: B2F0B7B5D14209EFDB54DFA9D8457ADFBB8EF49201F4089AAD415E3200E77056408B81
                                Function 077B83D8 Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 43d5932dea629dab261bc51b678330ee6f871f4c77b1a4d82988e95b4c7e5b2e
                                • Instruction ID: 4613bc679563380488888849c804df51393d48de4252fec3a2aac50c88023f92
                                • Opcode Fuzzy Hash: 43d5932dea629dab261bc51b678330ee6f871f4c77b1a4d82988e95b4c7e5b2e
                                • Instruction Fuzzy Hash: 82F01DF0D1831ADFDB54DFA9C4466AEBFF4BB08300F00895AE914E7201E7708641CB91
                                Function 077B83E8 Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0bffc6872338372f9a598806d8c46fcbba50c9b86337d4085f92aefd72cd4489
                                • Instruction ID: c8e5eae3d86e87b1059e7d65d3b14ec4bcd38857a94879223550ced09012bb5c
                                • Opcode Fuzzy Hash: 0bffc6872338372f9a598806d8c46fcbba50c9b86337d4085f92aefd72cd4489
                                • Instruction Fuzzy Hash: 3BF0DAF0D0431A9FDB54DFA9C842BAEBBF8AB48340F1089AAD918E7201D77095008BD1
                                Function 077BBD8C Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2bea3da9d505594e0c7484bfe8e838c627bd12fedecaf0aa8446daf6e26a3f13
                                • Instruction ID: c5e8a37638addfcd75e0106f2dcae06b40471e9fc3a9591585cb467213f79a16
                                • Opcode Fuzzy Hash: 2bea3da9d505594e0c7484bfe8e838c627bd12fedecaf0aa8446daf6e26a3f13
                                • Instruction Fuzzy Hash: 69F01DB1915204CFCB25CF94D585BECBBB6FB0A340F509085E4096B315C730AD84CF60
                                Function 077B5898 Relevance: .0, Instructions: 28COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 318f44c341687b25779a49725dcda67f46c71e415d1d663c3bda4b9dd9e9f8d8
                                • Instruction ID: 03aece94d8b3e01d898c04dd1c8b0ee2fbed20066344f5aa7a1d96771df4f5e9
                                • Opcode Fuzzy Hash: 318f44c341687b25779a49725dcda67f46c71e415d1d663c3bda4b9dd9e9f8d8
                                • Instruction Fuzzy Hash: 7FE0EA2642A7F11BF702AB7CA8B12CA3FA24E92125B0984D3C1948E553E918548DC6EF
                                Function 077B8688 Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f8e63a428e872086774e140d6f5d05d7ec185688143843301eea089059a9a314
                                • Instruction ID: 92e37eb03c702a78938461c4261e9424aed6308e0a580f619b1f8ab2178e5127
                                • Opcode Fuzzy Hash: f8e63a428e872086774e140d6f5d05d7ec185688143843301eea089059a9a314
                                • Instruction Fuzzy Hash: 1EF0C9B4D15208EFCB54DFB8D5457ADBBF8AB0A208F1089A9D409E3201E7709A40CF45
                                Function 077BF8C0 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82aafbf20d065a2ee644289ed5fcc2bbd5bac3c7007ef56bcaf1e6ea1abca8bc
                                • Instruction ID: 1e37745a7b00088e822f0c5bb81ce02b2393e4ec4b3e3deee71f310d0fb21253
                                • Opcode Fuzzy Hash: 82aafbf20d065a2ee644289ed5fcc2bbd5bac3c7007ef56bcaf1e6ea1abca8bc
                                • Instruction Fuzzy Hash: E6F01575D10208EBCB18EFA9D844B9CFBB5FB48301F00C0AAE918A3340DA746A50DF41
                                Function 077B5FBD Relevance: .0, Instructions: 21COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b9ac17b854d853793975c03c7c960f699d591de674fe2c8c4db2747eec8b1b0b
                                • Instruction ID: acbf1ea2f76308078f53af7ffa894e14251f0f865419cc4642a973e38f2ecfa7
                                • Opcode Fuzzy Hash: b9ac17b854d853793975c03c7c960f699d591de674fe2c8c4db2747eec8b1b0b
                                • Instruction Fuzzy Hash: 81E01272C10128E78B11AFD9D8056DFFF79EF05750B418112F915AB600E7701B60CBD0
                                Function 077B8380 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3d452d0792a03d62e56e88f37c20fa261102fc125efc10dabeddedb46841231c
                                • Instruction ID: b9617b922b2465e52ab83b2d6f2204f00205ca7ce341fe985e2999de04b1aa88
                                • Opcode Fuzzy Hash: 3d452d0792a03d62e56e88f37c20fa261102fc125efc10dabeddedb46841231c
                                • Instruction Fuzzy Hash: 82E0EDB0D14606DFDB50DF79C509A9EBBF0BB08300F10C4AAE019E7251D7758604CF81
                                Function 077BBF4F Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 612b2ae41f837364283040693ac1e71dea986f0372681bc85abd7a57eab1f0af
                                • Instruction ID: a3b2e5cb8008dc2fca3e0f4b8d77451658a156bdc87139479d991c2b83c2c446
                                • Opcode Fuzzy Hash: 612b2ae41f837364283040693ac1e71dea986f0372681bc85abd7a57eab1f0af
                                • Instruction Fuzzy Hash: 8AE06D705282548FD724DF28C485AA8BB3AFF06240F4181E5D84A5B166CB30B940CF11
                                Function 077B4E90 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5fbf8270b0f6c31db4764ac16b2aefb62244e1b22ce9ba7ea1701197a0d79762
                                • Instruction ID: 0217770a2bf90890260b2e59d6ee2e40e09f6d2f3b7afc4d2f6f35ee514b8740
                                • Opcode Fuzzy Hash: 5fbf8270b0f6c31db4764ac16b2aefb62244e1b22ce9ba7ea1701197a0d79762
                                • Instruction Fuzzy Hash: 70E0C2B180124CDBCB24EFF4C4447EDB7F4EB06240F500A98E40553341EB301E44D792
                                Function 077B8390 Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 775004149f59fece751dacaa777cf6555d116443bbf2b66441e03cd640ca4051
                                • Instruction ID: d235551fd12e460c72323b5d8dae3509945e276677d910272b97123f6c520ed3
                                • Opcode Fuzzy Hash: 775004149f59fece751dacaa777cf6555d116443bbf2b66441e03cd640ca4051
                                • Instruction Fuzzy Hash: FBE0B6F0D44209DFD750EFB9C905B9EBBF4BF08200F1185A9D019E7251E7B496048F92
                                Function 077B5FC8 Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction ID: f155bf8e79c253f0fc67647fb110a159e44a284766a20e8ff05618ba03a18552
                                • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction Fuzzy Hash: 17D09E72D001399B8B10AFE9DC054DFFF79EF05650F418126E915A7100D3715A21DBD1
                                Function 077B8488 Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4d4101951bd8870ab9314fb287ba63771bd1895c38cf29af59c619337c7f8f3e
                                • Instruction ID: 964ad5ecb64f6395468ab3baaf65d5bff35f2412c2f814ed39fe54eeb0a2abb0
                                • Opcode Fuzzy Hash: 4d4101951bd8870ab9314fb287ba63771bd1895c38cf29af59c619337c7f8f3e
                                • Instruction Fuzzy Hash: EDD012321102089E4B50EFA5E844D9277DCBB547407008422E504CB120E721E428D7D2
                                Function 077BA420 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c4d268a608d4e8ef9063004d102505ccf768645eb4db8a38d5c43c2d9e7fa97d
                                • Instruction ID: 71de515b8d6b10669c4dc6e5e5e9fcd236aa4df5082fe2c1eace9cce2aa31eac
                                • Opcode Fuzzy Hash: c4d268a608d4e8ef9063004d102505ccf768645eb4db8a38d5c43c2d9e7fa97d
                                • Instruction Fuzzy Hash: DDD0A9720183804FD32A6769E50EBA0BFB4AB03202F4800BBE88DC6172CFA00800CB22
                                Function 077BA4A0 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6eed92e2d8a6599dae93167cb25a54f90b0abec6501df1c119f409693df6d82c
                                • Instruction ID: 8be78631c77f8761fb52244101066ac860408b4efd593f778e5a2ad6d9b1d0a3
                                • Opcode Fuzzy Hash: 6eed92e2d8a6599dae93167cb25a54f90b0abec6501df1c119f409693df6d82c
                                • Instruction Fuzzy Hash: B6C0226201570103D3282A99D50E3B879E0830A232F000F20D12C421E0DE945C40A750
                                Function 077B55D0 Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dc8fbd6ec43dc488e476492ca00b2264ed7e6e3a1f16c1c58f51df6873c7dc1d
                                • Instruction ID: b600c6b6b6fe2cbe4e34453e2cf97837f1ffb91152d4af42f19f27625d4f45dd
                                • Opcode Fuzzy Hash: dc8fbd6ec43dc488e476492ca00b2264ed7e6e3a1f16c1c58f51df6873c7dc1d
                                • Instruction Fuzzy Hash: BAC08CBA004040F9D7187F40C91CFD2BBA8FBA8302F00C813E9488A030EB308918E701
                                Function 077BA430 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c938cfc24debdb1f5e3df2ced9deb5e49b74cc4ca553b5edad25335bfedca562
                                • Instruction ID: ee9186fff085a13e9434bf3e981c601fe18d6cfa8626d0646fbf6fce5341e37d
                                • Opcode Fuzzy Hash: c938cfc24debdb1f5e3df2ced9deb5e49b74cc4ca553b5edad25335bfedca562
                                • Instruction Fuzzy Hash: A4C08C720207088BE318279AF50F7B4BFA8A702206F400415F00D025104FA02400CF66
                                Function 077BA4B0 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6ba5d6bacea6970879282fdfc31603eba28d6eaab83107f15029b257e018e162
                                • Instruction ID: f96227aaf16b549782de07c1a431900dd7c285857eb749cc2029e48fc8db87da
                                • Opcode Fuzzy Hash: 6ba5d6bacea6970879282fdfc31603eba28d6eaab83107f15029b257e018e162
                                • Instruction Fuzzy Hash: 25B02B7102270547D21C364EA00D7B0BAD89303201F000800A00D024101FA02400CBA4
                                Function 077BA654 Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000008.00000002.1464484144.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_77b0000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e879771e62a83240e09fa9ae9403184c0275dec1326fcf5a22e2b01b718584e8
                                • Instruction ID: 1370f32995a8cd41fbef143c45a378bd015c89d99de07e72904f5615647839a6
                                • Opcode Fuzzy Hash: e879771e62a83240e09fa9ae9403184c0275dec1326fcf5a22e2b01b718584e8
                                • Instruction Fuzzy Hash: CCD0C9B0924319CFDB51DF14D844BB8BBBAFB49300F019098900952200DB341E84CF91

                                Execution Graph

                                Execution Coverage:7.8%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:62
                                Total number of Limit Nodes:7
                                execution_graph 38812 59ac078 38813 59ac0c6 DrawTextExW 38812->38813 38815 59ac11e 38813->38815 38818 b021eb0 38819 b021eb2 38818->38819 38820 b02203b 38819->38820 38823 b022130 PostMessageW 38819->38823 38825 b022129 38819->38825 38824 b02219c 38823->38824 38824->38819 38826 b02212e PostMessageW 38825->38826 38827 b022194 38825->38827 38826->38827 38827->38819 38778 13f4668 38779 13f467a 38778->38779 38780 13f4686 38779->38780 38782 13f4779 38779->38782 38783 13f477c 38782->38783 38787 13f4879 38783->38787 38791 13f4888 38783->38791 38789 13f487c 38787->38789 38788 13f498c 38788->38788 38789->38788 38795 13f44b4 38789->38795 38792 13f488a 38791->38792 38793 13f498c 38792->38793 38794 13f44b4 CreateActCtxA 38792->38794 38794->38793 38796 13f5918 CreateActCtxA 38795->38796 38798 13f59db 38796->38798 38762 59ad610 CloseHandle 38763 59ad677 38762->38763 38799 59a7180 38800 59a71ab 38799->38800 38801 59a71a4 38799->38801 38806 59a71d2 38800->38806 38808 59a5ad4 38800->38808 38804 59a5ad4 GetCurrentThreadId 38804->38806 38805 59a71fe 38806->38805 38807 59a74ef GetCurrentThreadId 38806->38807 38807->38805 38809 59a5adf 38808->38809 38810 59a74ef GetCurrentThreadId 38809->38810 38811 59a71c8 38809->38811 38810->38811 38811->38804 38764 13fac70 38768 13fad68 38764->38768 38773 13fad58 38764->38773 38765 13fac7f 38769 13fad9c 38768->38769 38770 13fad79 38768->38770 38769->38765 38770->38769 38771 13fafa0 GetModuleHandleW 38770->38771 38772 13fafcd 38771->38772 38772->38765 38774 13fad9c 38773->38774 38775 13fad79 38773->38775 38774->38765 38775->38774 38776 13fafa0 GetModuleHandleW 38775->38776 38777 13fafcd 38776->38777 38777->38765 38816 13fd650 DuplicateHandle 38817 13fd6e6 38816->38817 38828 13fd000 38829 13fd046 GetCurrentProcess 38828->38829 38831 13fd098 GetCurrentThread 38829->38831 38832 13fd091 38829->38832 38833 13fd0ce 38831->38833 38834 13fd0d5 GetCurrentProcess 38831->38834 38832->38831 38833->38834 38837 13fd10b 38834->38837 38835 13fd133 GetCurrentThreadId 38836 13fd164 38835->38836 38837->38835

                                Executed Functions

                                Function 085834B8 Relevance: 3.1, Strings: 2, Instructions: 562COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 45 85834b8-85834e0 46 85834e2 45->46 47 85834e7-85835a3 45->47 46->47 50 85835a8-85835b5 47->50 51 85835a5-85835cb 47->51 50->51 53 8583abb-8583afd 51->53 54 85835d1-85835fb 51->54 63 8583b00-8583b04 53->63 57 8583cc8-8583cd4 54->57 58 8583601-8583619 54->58 59 8583cda-8583ce3 57->59 58->59 60 858361f-8583620 58->60 66 8583ce9-8583cf5 59->66 62 8583cae-8583cba 60->62 64 8583cc0-8583cc7 62->64 65 8583625-8583631 62->65 67 8583b0a-8583b10 63->67 68 85836d6-85836da 63->68 72 8583638-8583653 65->72 73 8583633 65->73 77 8583cfb-8583d07 66->77 67->53 69 8583b12-8583b6d 67->69 70 85836ec-85836f2 68->70 71 85836dc-85836ea 68->71 92 8583b6f-8583ba2 69->92 93 8583ba4-8583bce 69->93 75 8583737-858373b 70->75 74 858374a-858377c 71->74 72->66 76 8583659-858367e 72->76 73->72 98 858377e-858378a 74->98 99 85837a6 74->99 78 858373d 75->78 79 85836f4-8583700 75->79 76->77 91 8583684-8583686 76->91 81 8583d0d-8583d14 77->81 82 8583740-8583744 78->82 84 8583702 79->84 85 8583707-858370f 79->85 82->74 87 85836bc-85836d3 82->87 84->85 89 8583711-8583725 85->89 90 8583734 85->90 87->68 95 8583689-8583694 89->95 96 858372b-8583732 89->96 90->75 91->95 107 8583bd7-8583c56 92->107 93->107 95->81 100 858369a-85836b7 95->100 96->78 102 858378c-8583792 98->102 103 8583794-858379a 98->103 105 85837ac-85837d9 99->105 100->82 108 85837a4 102->108 103->108 112 8583828-85838bb 105->112 113 85837db-8583813 105->113 120 8583c5d-8583c70 107->120 108->105 128 85838bd 112->128 129 85838c4-85838c5 112->129 121 8583c7f-8583c84 113->121 120->121 122 8583c9b-8583cab 121->122 123 8583c86-8583c94 121->123 122->62 123->122 128->129 130 8583916-858391c 129->130 131 858391e-85839e0 130->131 132 85838c7-85838e6 130->132 143 8583a21-8583a25 131->143 144 85839e2-8583a1b 131->144 133 85838e8 132->133 134 85838ed-8583913 132->134 133->134 134->130 145 8583a66-8583a6a 143->145 146 8583a27-8583a60 143->146 144->143 147 8583aab-8583aaf 145->147 148 8583a6c-8583aa5 145->148 146->145 147->69 151 8583ab1-8583ab9 147->151 148->147 151->63
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID: :$~
                                • API String ID: 0-2431124681
                                • Opcode ID: ad69b0c493af89e2b9c5de910090f91b3af87524be7a24766072ece808c631cc
                                • Instruction ID: 95d73d19c1e3448764abb9465c8a911eef497b5a3908fab702f49b1ebb7d4e2e
                                • Opcode Fuzzy Hash: ad69b0c493af89e2b9c5de910090f91b3af87524be7a24766072ece808c631cc
                                • Instruction Fuzzy Hash: 6B42E075A00228DFDB15DFA9C980BD9BBB2FF88304F1584E9E509AB361D731A991DF10
                                Function 08582106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 153 8582106-858210a 154 858210b-8582120 153->154 155 8582acd-8582add 153->155 154->155 156 8582121-858212c 154->156 158 8582132-858213e 156->158 159 858214a-8582159 158->159 161 85821b8-85821bc 159->161 162 85821c2-85821cb 161->162 163 8582264-85822ce 161->163 164 85821d1-85821e7 162->164 165 85820c6-85820d2 162->165 163->155 201 85822d4-858281b 163->201 173 8582239-858224b 164->173 174 85821e9-85821ec 164->174 165->155 167 85820d8-85820e4 165->167 168 858215b-8582161 167->168 169 85820e6-85820fa 167->169 168->155 171 8582167-858217f 168->171 169->168 179 85820fc-8582105 169->179 171->155 182 8582185-85821ad 171->182 183 8582a0c-8582ac2 173->183 184 8582251-8582254 173->184 174->155 175 85821f2-858222f 174->175 175->163 197 8582231-8582237 175->197 179->153 182->161 183->155 186 8582257-8582261 184->186 197->173 197->174 279 858281d-8582827 201->279 280 8582832-85828c5 201->280 281 858282d 279->281 282 85828d0-8582963 279->282 280->282 283 858296e-8582a01 281->283 282->283 283->183
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID: D
                                • API String ID: 0-2746444292
                                • Opcode ID: 9eb1a5c22bb08ff93290cb59b53568b8ee4de1f331f3329e23b0fec97444f7f8
                                • Instruction ID: 818d64e8c0fcb71737645c65185969cde099b8f3714a4eb7ac66fbe542126004
                                • Opcode Fuzzy Hash: 9eb1a5c22bb08ff93290cb59b53568b8ee4de1f331f3329e23b0fec97444f7f8
                                • Instruction Fuzzy Hash: 1152B374A40229DFDB64DF64D998B99B7B2FF89300F1081E9D50AA7364CB34AE81CF51
                                Function 013FCFF1 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 013FD07E
                                • GetCurrentThread.KERNEL32 ref: 013FD0BB
                                • GetCurrentProcess.KERNEL32 ref: 013FD0F8
                                • GetCurrentThreadId.KERNEL32 ref: 013FD151
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID:
                                • API String ID: 2063062207-0
                                • Opcode ID: 9ea42a4f119be845d1b2b6d4f6e07d2af51a493769ba17aebfa8e52f3ea2e72e
                                • Instruction ID: 3753f0f5eb736e0af6455bc79f5bb16973d10dcabd32878484d3a7206ea37d7c
                                • Opcode Fuzzy Hash: 9ea42a4f119be845d1b2b6d4f6e07d2af51a493769ba17aebfa8e52f3ea2e72e
                                • Instruction Fuzzy Hash: 955167B09007498FEB18CFAAD948B9EBBF1EF48304F20845DE519A7391D7749988CF65
                                Function 013FD000 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                APIs
                                • GetCurrentProcess.KERNEL32 ref: 013FD07E
                                • GetCurrentThread.KERNEL32 ref: 013FD0BB
                                • GetCurrentProcess.KERNEL32 ref: 013FD0F8
                                • GetCurrentThreadId.KERNEL32 ref: 013FD151
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: Current$ProcessThread
                                • String ID:
                                • API String ID: 2063062207-0
                                • Opcode ID: 1909c3d14ac05ec005b8ce3890d3edb5092d69d4e7134d40c3067d1d016353f6
                                • Instruction ID: dfb596ca4ebaeb857c6cc9d31235c2eaaa80fcb9b680eeae2ba911f8cf74faee
                                • Opcode Fuzzy Hash: 1909c3d14ac05ec005b8ce3890d3edb5092d69d4e7134d40c3067d1d016353f6
                                • Instruction Fuzzy Hash: 995158B09007498FEB14CFAAD948B9EBBF1EF48314F20845DD51AA7390D7749988CF65
                                Function 059A7180 Relevance: 1.8, APIs: 1, Instructions: 271COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 308 59a7180-59a71a2 309 59a71ab-59a71b5 308->309 310 59a71a4-59a71aa 308->310 312 59a71bb-59a71d4 call 59a5ad4 * 2 309->312 313 59a73f1-59a741d 309->313 320 59a71da-59a71fc 312->320 321 59a7424-59a7489 312->321 313->321 328 59a71fe-59a720c call 59a5ae4 320->328 329 59a720d-59a721c 320->329 344 59a748b-59a74d8 321->344 345 59a74d9-59a74e8 321->345 334 59a721e-59a723b 329->334 335 59a7241-59a7262 329->335 334->335 346 59a72b2-59a72da 335->346 347 59a7264-59a7275 335->347 357 59a74da-59a74e5 344->357 358 59a74ef-59a7515 GetCurrentThreadId 344->358 359 59a74ed 345->359 382 59a72dd call 59a753a 346->382 383 59a72dd call 59a7670 346->383 352 59a7277-59a728f call 59a5af4 347->352 353 59a72a4-59a72a8 347->353 370 59a7291-59a7292 352->370 371 59a7294-59a72a2 352->371 353->346 357->359 361 59a751e 358->361 362 59a7517-59a751d 358->362 363 59a7525-59a7532 359->363 361->363 362->361 364 59a72e0-59a7305 374 59a734b 364->374 375 59a7307-59a731c 364->375 370->371 371->352 371->353 374->313 375->374 377 59a731e-59a7341 375->377 377->374 381 59a7343 377->381 381->374 382->364 383->364
                                Memory Dump Source
                                • Source File: 00000009.00000002.1436891559.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_59a0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6fe48c77e68fe6506787b178bed8eeaec6efe18b290bfc180395336d0299921a
                                • Instruction ID: 9bff7b756d5bf17147341bd1668b683cfccdd1d68c547ea74a469f0285227fa9
                                • Opcode Fuzzy Hash: 6fe48c77e68fe6506787b178bed8eeaec6efe18b290bfc180395336d0299921a
                                • Instruction Fuzzy Hash: 8DA18135A002098FCB15DFA8C955AAEB7F6FF89210F244599D805EB391DB35DC41CBA1
                                Function 013FAD68 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 384 13fad68-13fad77 385 13fad79-13fad86 call 13fa08c 384->385 386 13fada3-13fada7 384->386 393 13fad9c 385->393 394 13fad88 385->394 387 13fadbb-13fadfc 386->387 388 13fada9-13fadb3 386->388 395 13fadfe-13fae06 387->395 396 13fae09-13fae17 387->396 388->387 393->386 440 13fad8e call 13faff0 394->440 441 13fad8e call 13fb000 394->441 395->396 398 13fae3b-13fae3d 396->398 399 13fae19-13fae1e 396->399 397 13fad94-13fad96 397->393 400 13faed8-13faf98 397->400 401 13fae40-13fae47 398->401 402 13fae29 399->402 403 13fae20-13fae27 call 13fa098 399->403 435 13faf9a-13faf9d 400->435 436 13fafa0-13fafcb GetModuleHandleW 400->436 405 13fae49-13fae51 401->405 406 13fae54-13fae5b 401->406 404 13fae2b-13fae39 402->404 403->404 404->401 405->406 408 13fae5d-13fae65 406->408 409 13fae68-13fae71 call 13fa0a8 406->409 408->409 415 13fae7e-13fae83 409->415 416 13fae73-13fae7b 409->416 417 13fae85-13fae8c 415->417 418 13faea1-13faea5 415->418 416->415 417->418 420 13fae8e-13fae9e call 13fa0b8 call 13fa0c8 417->420 421 13faeab-13faeae 418->421 420->418 424 13faed1-13faed7 421->424 425 13faeb0-13faece 421->425 425->424 435->436 437 13fafcd-13fafd3 436->437 438 13fafd4-13fafe8 436->438 437->438 440->397 441->397
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 013FAFBE
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: bbb5d7d87517529bcb05c3c5b81e1e1b723ea74b53b32542fc49ec3eb0d37578
                                • Instruction ID: 91dbb09cb84d36564161970037c6b51452bc253b5b852d2f3a6312eb39322f4a
                                • Opcode Fuzzy Hash: bbb5d7d87517529bcb05c3c5b81e1e1b723ea74b53b32542fc49ec3eb0d37578
                                • Instruction Fuzzy Hash: EC713470A00B068FE725DF6AD440B5ABBF1FF88208F108A2DD58AD7B50D775E849CB91
                                Function 013F590C Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 442 13f590c-13f590e 443 13f5912 442->443 444 13f5910 442->444 445 13f5916-13f598c 443->445 446 13f5913-13f5915 443->446 444->443 448 13f598f-13f59d9 CreateActCtxA 445->448 446->445 450 13f59db-13f59e1 448->450 451 13f59e2-13f5a3c 448->451 450->451 458 13f5a3e-13f5a41 451->458 459 13f5a4b-13f5a4f 451->459 458->459 460 13f5a51-13f5a5d 459->460 461 13f5a60 459->461 460->461 463 13f5a61 461->463 463->463
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 013F59C9
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 90f3f97847f57e9000b10fd7f74e53cdb8ea45c54b9f91e9e1c4146951c37be4
                                • Instruction ID: 198940967a839f5d03f580e739b729ed5c81a4d22d24075b89c9d23b92c2b402
                                • Opcode Fuzzy Hash: 90f3f97847f57e9000b10fd7f74e53cdb8ea45c54b9f91e9e1c4146951c37be4
                                • Instruction Fuzzy Hash: 3C410470C0071DCBEB25DFAAC8447DEBBB5BF49704F20806AD509AB251D775594ACF50
                                Function 013F44B4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 464 13f44b4-13f59d9 CreateActCtxA 468 13f59db-13f59e1 464->468 469 13f59e2-13f5a3c 464->469 468->469 476 13f5a3e-13f5a41 469->476 477 13f5a4b-13f5a4f 469->477 476->477 478 13f5a51-13f5a5d 477->478 479 13f5a60 477->479 478->479 481 13f5a61 479->481 481->481
                                APIs
                                • CreateActCtxA.KERNEL32(?), ref: 013F59C9
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                • Opcode ID: 113cb49552d1b00c83298ac1852209b7a01a4f666accb5987abe59ad2544f5b4
                                • Instruction ID: 43c255a8ccba0edcd9caf3232016fa256fc85463fc5c9b42044bc08fe638397c
                                • Opcode Fuzzy Hash: 113cb49552d1b00c83298ac1852209b7a01a4f666accb5987abe59ad2544f5b4
                                • Instruction Fuzzy Hash: E541F270C0072DCBEB25DFAAC844BCEBBB5BF49704F20806AD509AB251DB756949CF90
                                Function 013F5A84 Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 482 13f5a84-13f5a8f 484 13f5b09-13f5b3b 482->484
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 241aceb749d669e3d6d342a800b3546454acf712f515fbcbceaeb2aadf29e791
                                • Instruction ID: efe06eda961432a39f41ab88dec64c9747111dfa6504ffb41823191a2ba1d0ae
                                • Opcode Fuzzy Hash: 241aceb749d669e3d6d342a800b3546454acf712f515fbcbceaeb2aadf29e791
                                • Instruction Fuzzy Hash: 4231AA71805759CFEF12CBA8C8457EEBBF0AF46318F10818EC206AB252C776A949CB41
                                Function 059AC071 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 486 59ac071-59ac0c4 488 59ac0cf-59ac0de 486->488 489 59ac0c6-59ac0cc 486->489 490 59ac0e3-59ac11c DrawTextExW 488->490 491 59ac0e0 488->491 489->488 492 59ac11e-59ac124 490->492 493 59ac125-59ac142 490->493 491->490 492->493
                                APIs
                                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 059AC10F
                                Memory Dump Source
                                • Source File: 00000009.00000002.1436891559.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_59a0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: DrawText
                                • String ID:
                                • API String ID: 2175133113-0
                                • Opcode ID: 97268963174b63264dc9bda26b199798d906c76459f9d64146f392f153423bd9
                                • Instruction ID: f1a689b9272454e41662e9dbce97444227b4e683523df7df54ebc23a8a760513
                                • Opcode Fuzzy Hash: 97268963174b63264dc9bda26b199798d906c76459f9d64146f392f153423bd9
                                • Instruction Fuzzy Hash: 4231C0B69003099FDB10CF9AD884A9EFBF9FB48314F14842AE819A7310D375A944CFA4
                                Function 059AC078 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 496 59ac078-59ac0c4 497 59ac0cf-59ac0de 496->497 498 59ac0c6-59ac0cc 496->498 499 59ac0e3-59ac11c DrawTextExW 497->499 500 59ac0e0 497->500 498->497 501 59ac11e-59ac124 499->501 502 59ac125-59ac142 499->502 500->499 501->502
                                APIs
                                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 059AC10F
                                Memory Dump Source
                                • Source File: 00000009.00000002.1436891559.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_59a0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: DrawText
                                • String ID:
                                • API String ID: 2175133113-0
                                • Opcode ID: 6cf13abf0c59fd9872e15b80f1245877783c72b92e51cd045b010cb5a9863655
                                • Instruction ID: 2ea8b0be057792495168bae1fbac04f4d6d53cd2b65155f3e4cc5cc60e0ec382
                                • Opcode Fuzzy Hash: 6cf13abf0c59fd9872e15b80f1245877783c72b92e51cd045b010cb5a9863655
                                • Instruction Fuzzy Hash: 5021A0B69003099FDB10CF9AD884A9EFBF9FB48314F14842EE919A7210D775A945CFA1
                                Function 013FD648 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 505 13fd648-13fd64e 506 13fd650-13fd6e4 DuplicateHandle 505->506 507 13fd6ed-13fd70a 506->507 508 13fd6e6-13fd6ec 506->508 508->507
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FD6D7
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 6c6df27ada35a599e045909bdb43cdf43913ad0d927aea162362af2976be4a59
                                • Instruction ID: 04950a5ee47ea493a74ca4a8d6e81d819411fff44644fb943a9c19c2667b645f
                                • Opcode Fuzzy Hash: 6c6df27ada35a599e045909bdb43cdf43913ad0d927aea162362af2976be4a59
                                • Instruction Fuzzy Hash: FE21E4B59002499FDB10CF9AD884ADEFBF9EB48324F14842AE918B3350D378A955CF65
                                Function 013FD650 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 511 13fd650-13fd6e4 DuplicateHandle 512 13fd6ed-13fd70a 511->512 513 13fd6e6-13fd6ec 511->513 513->512
                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FD6D7
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: 1ea34637e32031eab94fbd001ff93ec9267f6d108d9755417ff8978068d7f11d
                                • Instruction ID: d9e996619cae7584c619b121f0870003eb1a1d71083f11556f277d6273e341d6
                                • Opcode Fuzzy Hash: 1ea34637e32031eab94fbd001ff93ec9267f6d108d9755417ff8978068d7f11d
                                • Instruction Fuzzy Hash: 1D21E4B59002099FDB10CF9AD884ADEBBF5EB48320F14801AE918A3350D378A944CF65
                                Function 08584FDF Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 516 8584fdf-8584fe0 517 8584fe2-8585026 516->517 518 8584f65-8584f71 516->518 520 85853e8-85853ee 517->520 521 858502c-8585061 517->521 519 8584f7a-8584f83 518->519 522 85853f4-8585409 520->522 521->522 523 8585067-8585085 521->523 526 8585411-8585417 522->526 524 858508c-8585091 523->524 525 8585087 523->525 527 8585094-858509e 524->527 525->524 529 858541d-8585426 526->529 527->526 528 85850a4-85850ab 527->528 530 85850ad-85850c6 528->530 531 85850e3-85850f4 528->531 538 858542c-858544a 529->538 530->529 533 85850cc-85850d0 530->533 531->527 532 85850f6-8585101 531->532 536 85851a9-85851b3 532->536 537 8585107-858510e 532->537 534 8585250-85853a0 533->534 535 85850d6-85850e2 533->535 568 85853b1-85853e7 534->568 569 85853a2-85853a5 534->569 541 85851b9-85851ba 536->541 542 8585455-858545b 536->542 539 85851bf-85851e1 537->539 540 8585114-8585121 537->540 538->542 545 85851e8-85851f2 539->545 546 85851e3 539->546 543 8585128-858514f 540->543 541->534 543->538 548 8585155-858518b 543->548 547 85851f5-8585216 545->547 546->545 549 8585218 547->549 550 858521d-8585233 547->550 551 858518d 548->551 552 8585192-858519e 548->552 549->550 554 858523a-8585248 550->554 555 8585235 550->555 551->552 552->543 556 85851a0-85851a6 552->556 554->547 557 858524a-858524d 554->557 555->554 556->536 557->534 569->568
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: d72bbe6beeec7060f4595618a595d891c4c529a74cb33751970f84b1a33943ea
                                • Instruction ID: 3d99a4995c643a27de1ca93cd9c7bbb4ebdd047b02d6613923636ac9db5a8f8b
                                • Opcode Fuzzy Hash: d72bbe6beeec7060f4595618a595d891c4c529a74cb33751970f84b1a33943ea
                                • Instruction Fuzzy Hash: 83E19174E00229CFDB51DFA9C880A9DBBF1BF49215F1485AAD819F7345E731A981CF50
                                Function 0B022129 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 571 b022129-b02212c 572 b022194-b02219a 571->572 573 b02212e-b022193 PostMessageW 571->573 574 b0221a3-b0221b7 572->574 575 b02219c-b0221a2 572->575 573->572 575->574
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 0B02218D
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439963882.000000000B020000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B020000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_b020000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: c86b5b11781b566bd1e4395f115ee099400f25aff68eb480fa44fb0c46ae2f50
                                • Instruction ID: b0a0572ef3407307d148f72f88aebf57c4a954369d656c3c6f501cde9aa8ca5b
                                • Opcode Fuzzy Hash: c86b5b11781b566bd1e4395f115ee099400f25aff68eb480fa44fb0c46ae2f50
                                • Instruction Fuzzy Hash: 981113B58003499FDB24CF9AD884BDEBBF4EB48314F20845AE558A7211C3B9A584CFA1
                                Function 013FAF58 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000), ref: 013FAFBE
                                Memory Dump Source
                                • Source File: 00000009.00000002.1412263300.00000000013F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_13f0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: HandleModule
                                • String ID:
                                • API String ID: 4139908857-0
                                • Opcode ID: 81b3eaddf80b44ad019a6c6f8b5a37582b08bd00e2a7c9728f1285aa93fd4ca4
                                • Instruction ID: 44d0ee233236753a5bbcf6d7d8d5a0f59528de1ba9a1a1afbe8c5c4ded6716a3
                                • Opcode Fuzzy Hash: 81b3eaddf80b44ad019a6c6f8b5a37582b08bd00e2a7c9728f1285aa93fd4ca4
                                • Instruction Fuzzy Hash: 15110FB5C003498FDB10CF9AC844ADEFBF4AB88214F10842AD528A7640D379A549CFA1
                                Function 0B022130 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                Download Yara Rule
                                APIs
                                • PostMessageW.USER32(?,?,?,?), ref: 0B02218D
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439963882.000000000B020000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B020000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_b020000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                • Opcode ID: 8d6c517e4bb49157b00452cd7425b2325cfb06377c9a9cf197111c1c6d9f0242
                                • Instruction ID: d4426de3b46d3a4a312156c12dd0d4de03f424d90ad1c3acd0c28ba2e92032e4
                                • Opcode Fuzzy Hash: 8d6c517e4bb49157b00452cd7425b2325cfb06377c9a9cf197111c1c6d9f0242
                                • Instruction Fuzzy Hash: 5B11E2B58003499FDB10DF9AD885BDEFBF8EB48320F10845AE558A7250D375A944CFA1
                                Function 059AD610 Relevance: 1.3, APIs: 1, Instructions: 47COMMON
                                Download Yara Rule
                                APIs
                                • CloseHandle.KERNELBASE(?), ref: 059AD668
                                Memory Dump Source
                                • Source File: 00000009.00000002.1436891559.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_59a0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: CloseHandle
                                • String ID:
                                • API String ID: 2962429428-0
                                • Opcode ID: ddb57e782e691dedc434f9fce7f1579ac667c8baa7ceeb9512b7aa75122c953c
                                • Instruction ID: 6c8c600cb696112b8c695c00c8a6dce7862cad45268a75d1bd7addb2e9e99f26
                                • Opcode Fuzzy Hash: ddb57e782e691dedc434f9fce7f1579ac667c8baa7ceeb9512b7aa75122c953c
                                • Instruction Fuzzy Hash: 431145B6800349CFDB10DF9AC444BDEBBF4EB48320F10842AD558A7740D378A544CFA5
                                Function 059AD609 Relevance: 1.3, APIs: 1, Instructions: 46COMMON
                                Download Yara Rule
                                APIs
                                • CloseHandle.KERNELBASE(?), ref: 059AD668
                                Memory Dump Source
                                • Source File: 00000009.00000002.1436891559.00000000059A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_59a0000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID: CloseHandle
                                • String ID:
                                • API String ID: 2962429428-0
                                • Opcode ID: a5dd3cb4d813672c69b39613689ebebb8035eabaffb349decd28eb31cf79c64b
                                • Instruction ID: bdbe3d71bc0a27ebafe99d9aad63cf37ac98fe52202bcf94ebeeeaa53ae57309
                                • Opcode Fuzzy Hash: a5dd3cb4d813672c69b39613689ebebb8035eabaffb349decd28eb31cf79c64b
                                • Instruction Fuzzy Hash: 861136B5800309CFDB10CF99C545BDEBBF4EF48320F20841AD958A7640D378A545CFA5
                                Function 08584038 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID: 7
                                • API String ID: 0-1790921346
                                • Opcode ID: 13c71362f02aa1f8fd9187bfbf76e1b89960f54405107ef449a06a3b04c90a1f
                                • Instruction ID: 917421ee8de255f6441b8a1b751146a8fba839329414a21eb831a3ae3228d1e0
                                • Opcode Fuzzy Hash: 13c71362f02aa1f8fd9187bfbf76e1b89960f54405107ef449a06a3b04c90a1f
                                • Instruction Fuzzy Hash: 44E0C23480520DDBCB10FFF4E404BAEB7B8B741206F50059AC80667340E7301A45C646
                                Function 08583348 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID: 6
                                • API String ID: 0-498629140
                                • Opcode ID: 930f5e241f14f57f431ad968b04eae5bcd87cc31a36c151b20fc265c9b22facd
                                • Instruction ID: ea8047fa836025a9572ed2a0401e24021a8f2089816052a55af915f2fb7586e4
                                • Opcode Fuzzy Hash: 930f5e241f14f57f431ad968b04eae5bcd87cc31a36c151b20fc265c9b22facd
                                • Instruction Fuzzy Hash: 12E0C23080420CEBDB14EFB4D4086EDBBB9F706202F1045AEC405A3340EF315A41D742
                                Function 08587450 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID: m
                                • API String ID: 0-3775001192
                                • Opcode ID: b5ae04ad6f99c23e9fe7e14cc9cb10f8952702f00ee2714c2a80e06df3b0a9f0
                                • Instruction ID: 2547317228ce79f55d702894789e7e3cd772b2dca1894701a73b12611336f883
                                • Opcode Fuzzy Hash: b5ae04ad6f99c23e9fe7e14cc9cb10f8952702f00ee2714c2a80e06df3b0a9f0
                                • Instruction Fuzzy Hash: 51E0C238D0520CDBDB04FFF8D4447AD7BB8B709202F2005DAC40563360D7311A44CAA1
                                Function 08582C38 Relevance: .4, Instructions: 437COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ff69547e6963b39279d4c08e79c9352647aa7fb3e774a83f1fbc8da16960c07
                                • Instruction ID: 2c93204d0916782d76db844b4e4d99aaff62c64a146f09754a66fa77f7e42ab3
                                • Opcode Fuzzy Hash: 9ff69547e6963b39279d4c08e79c9352647aa7fb3e774a83f1fbc8da16960c07
                                • Instruction Fuzzy Hash: 0AE17E30B00219CFDB15EFB9D85866D7BE6BF89612F1544AAE406EB360DB70DC42CB91
                                Function 08583D9E Relevance: .2, Instructions: 230COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f368481ae84f8a9d8bfc885b13546de92fbb3c5c3d0d6526e8bece1d2648ee57
                                • Instruction ID: df67174afe1e9bb0deed6f282451f857522237c5f5566c333bba7d0ff20d44f5
                                • Opcode Fuzzy Hash: f368481ae84f8a9d8bfc885b13546de92fbb3c5c3d0d6526e8bece1d2648ee57
                                • Instruction Fuzzy Hash: 7B91C074E04218DFCB54DFA9C480AEEBBF2BB89715F20856AD819EB345E73599028F40
                                Function 08586D37 Relevance: .2, Instructions: 193COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 74508b3c297c1e225c085b5387b3f2b583f66c4e1002e86000b073cc6c8a024a
                                • Instruction ID: f4396a9fa10764d2fdbef273d460dc78838b3f3bb63869870ba92d17ba3e6653
                                • Opcode Fuzzy Hash: 74508b3c297c1e225c085b5387b3f2b583f66c4e1002e86000b073cc6c8a024a
                                • Instruction Fuzzy Hash: 2C817075E04219DFDB11DFA8C884AAEBBF1BF59205F1084AAE819FB315E7319946CF40
                                Function 085880EA Relevance: .2, Instructions: 166COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6adf50d61042a5e77b1ebc9816ea73342367b9678093829ba340a98eeb0080cc
                                • Instruction ID: 9e1ac0e3706fd981ad215ec8452093e3a0165a5f53a26cf6fa2d7bed9857be83
                                • Opcode Fuzzy Hash: 6adf50d61042a5e77b1ebc9816ea73342367b9678093829ba340a98eeb0080cc
                                • Instruction Fuzzy Hash: 35616978E04229CFCB10DFA9C980AADBBF1FB49315F64956AD819F7305D734A9828F50
                                Function 08584894 Relevance: .2, Instructions: 156COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 60bd56cc9ff3924146378c5cf8e10470c15d4028b813c9a5a135e547b708528a
                                • Instruction ID: cbb87513dfaa62cf258e934278b76ecfd6a02c0dd821e1fafcda1b0c67ee6c27
                                • Opcode Fuzzy Hash: 60bd56cc9ff3924146378c5cf8e10470c15d4028b813c9a5a135e547b708528a
                                • Instruction Fuzzy Hash: DF518034B00216CFDB15EFB998445AEBBF7FFC4221714856AE42AEB391EB309C058791
                                Function 0858AE30 Relevance: .1, Instructions: 134COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e79585099c0266479acd71e3bd296defbc9c9cd8031fa56241b1d5b88a797e9d
                                • Instruction ID: 077bd9ed7b71a4c1771b91b0ca55dd131bce0f140c646497ed342dbbe2929f1c
                                • Opcode Fuzzy Hash: e79585099c0266479acd71e3bd296defbc9c9cd8031fa56241b1d5b88a797e9d
                                • Instruction Fuzzy Hash: 3251E8B4E04229CFDB08DFA6C8446EEBBFABF89301F14942AD419BB355DB745806CB51
                                Function 085886E0 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 741e74c77d5e8ee896b41e6b4b365b9cc08dae2c2e97fea4c9460a5f26aa5c9d
                                • Instruction ID: 908273d17212ebca828e63c5d6006a1b09624d9e3244f02feb053e5f08c07bfb
                                • Opcode Fuzzy Hash: 741e74c77d5e8ee896b41e6b4b365b9cc08dae2c2e97fea4c9460a5f26aa5c9d
                                • Instruction Fuzzy Hash: CB41E678E00218DFDB44EFA9D840AAEB7F2FB89215F50896AD815F7350D736AD068F50
                                Function 08582FB0 Relevance: .1, Instructions: 110COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0dacd1b1f08f7b7b442dc690e5cc027e88ced6c77c9ddfaf4f852eb730385739
                                • Instruction ID: c55e59e0c72233f2bb246adbbb6e6ea7b7641613f03aed03d2eb0aa7fec09d9c
                                • Opcode Fuzzy Hash: 0dacd1b1f08f7b7b442dc690e5cc027e88ced6c77c9ddfaf4f852eb730385739
                                • Instruction Fuzzy Hash: 8941B174E0060ADFDB14EFB9D8685EEBBF6BF49642F10842AD905F3254EB309941CB51
                                Function 085886CF Relevance: .1, Instructions: 109COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ae74d77d0c31ae80747d1d2903b7d62752d729b66bd5ccf4e7c3657eeeb35cc9
                                • Instruction ID: d1c21e6d5b03145691f4ff3ca7e9ee393430d7765945dbc3ca153e69626ba3e5
                                • Opcode Fuzzy Hash: ae74d77d0c31ae80747d1d2903b7d62752d729b66bd5ccf4e7c3657eeeb35cc9
                                • Instruction Fuzzy Hash: 1E413A74E00218DFDB44EFA9D840A9EB7F2FF89215F50896AD415E7350EB32AD06CB50
                                Function 08584428 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 08445c68d39ae5ed9c4696dcaec1f4ed1d7a078bfc1e88d2c32dade6b2b003c3
                                • Instruction ID: 43a6923943f5b40026a9935b1c3d9bea08ce4ac64b6e358d2264927659ac3d91
                                • Opcode Fuzzy Hash: 08445c68d39ae5ed9c4696dcaec1f4ed1d7a078bfc1e88d2c32dade6b2b003c3
                                • Instruction Fuzzy Hash: 4041C574E00119DFCB44EFA9D590AAEBBF2FB89305F10842AE915B7354DB31AD42CB54
                                Function 08584417 Relevance: .1, Instructions: 104COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a8b0d333a4c5a7abb707d33846f5a2d4103e7dbb4477dab7287e616c69d150a
                                • Instruction ID: d2acba4abf46460bfc9cdfeea287f762298bf8c88985f9c33a87a426b78b0caf
                                • Opcode Fuzzy Hash: 2a8b0d333a4c5a7abb707d33846f5a2d4103e7dbb4477dab7287e616c69d150a
                                • Instruction Fuzzy Hash: 15410874E0021ADFCB45EFA8D840AEEBBF2FB89205F10846AE815B7350DB359D02CB55
                                Function 0858592C Relevance: .1, Instructions: 103COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 28d3cfd2da4cde15c16ec5633ec668578cf37d8dcb0e7c49d49a78a6874987f8
                                • Instruction ID: a14fd8e570137dfa1beff26edc835d44bddaa626f73998bed58ee994907f5309
                                • Opcode Fuzzy Hash: 28d3cfd2da4cde15c16ec5633ec668578cf37d8dcb0e7c49d49a78a6874987f8
                                • Instruction Fuzzy Hash: E6316875900209EFCB10DFA9D884ADEBBF9FF48320F10846AE909B7210D335A945CFA0
                                Function 0858AE20 Relevance: .1, Instructions: 102COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f340aeba219ec73c16fce26fa992b80a204b3b1c5e48c4579c69049ddb938fa1
                                • Instruction ID: d5e320dd5ae4ffd910457e8449f5287962d723eb08c37f04d6c072a7fd1f274e
                                • Opcode Fuzzy Hash: f340aeba219ec73c16fce26fa992b80a204b3b1c5e48c4579c69049ddb938fa1
                                • Instruction Fuzzy Hash: A6410AB4D08258CFDB09DFA6C8446EEBBB6BF89301F14942AC419BB359DB745806CB52
                                Function 08584EC9 Relevance: .1, Instructions: 86COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4fdccb4fd748aacfe3b78a3b8abc0a2143f52d4af94e702bed88d68e971e55a0
                                • Instruction ID: 35cd1deda5a2c03c68390212fd9dae8de8e63a33236f07f7132d4293beb9755b
                                • Opcode Fuzzy Hash: 4fdccb4fd748aacfe3b78a3b8abc0a2143f52d4af94e702bed88d68e971e55a0
                                • Instruction Fuzzy Hash: ED31A2B4E0524ADFCB40DFA8D9856AEBBF0FB09201F1484AAD804F7340E7349A41CFA5
                                Function 08585AB0 Relevance: .1, Instructions: 78COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4796c8eb568f02b5cd2449ccb96bdb803ea8af717bb1402b8ce84dfb7d5ea1ca
                                • Instruction ID: 593d37182add7b6d33ee4d3ae620ad22edf526eb466dbd00030678d878e03498
                                • Opcode Fuzzy Hash: 4796c8eb568f02b5cd2449ccb96bdb803ea8af717bb1402b8ce84dfb7d5ea1ca
                                • Instruction Fuzzy Hash: 68210479A003558FDB02EF7898506EF7BB3EFC5161B14856BC459DB201EA30490A87A2
                                Function 0134D3D8 Relevance: .1, Instructions: 75COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411728573.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_134d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8ccce7183a8727f7208266d780d286668ead553e043b8ac4b4fc3141018d1b77
                                • Instruction ID: 99d67b7a47db5b183ade185dced32d5904ef1c1be03c0bea243c45aab5c5fbdb
                                • Opcode Fuzzy Hash: 8ccce7183a8727f7208266d780d286668ead553e043b8ac4b4fc3141018d1b77
                                • Instruction Fuzzy Hash: 68213671500204DFDB01DF54D9C0B56BBA5FB94328F24C169E80A1B356C736F456CAA2
                                Function 0135D1D4 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411850316.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_135d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1454a9a72c8c4cd488e39a5a7c33d90f9fb5507fe367c72c29a5e23b50180cca
                                • Instruction ID: 93ec91a5e6693dd3696ea04ed92d0e2851df6d44dc3c5a530faee05868cf02ab
                                • Opcode Fuzzy Hash: 1454a9a72c8c4cd488e39a5a7c33d90f9fb5507fe367c72c29a5e23b50180cca
                                • Instruction Fuzzy Hash: CC213471504304EFDB41DF94D9C0F26BBA5FB84728F24C5ADEC094B282C336D846CA62
                                Function 0135D01C Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411850316.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_135d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 52e6b155fd54c523d3a1db843cdaeed70c81550bb09a5b1e65009cdf4819f6e2
                                • Instruction ID: 061fc2ac6d32ca62bb29ad810a8228a2ebbe10799a507bd3d897c4754b7af6ad
                                • Opcode Fuzzy Hash: 52e6b155fd54c523d3a1db843cdaeed70c81550bb09a5b1e65009cdf4819f6e2
                                • Instruction Fuzzy Hash: F3210071604344DFDB55DF54D8C0F26BB65FB84618F24C569DC0A4B286C33AD807CAA2
                                Function 08585C94 Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 470d452dc9b75e2d8234488db876d1ee63d5bef07f3abcfc487380b57a116601
                                • Instruction ID: 35b9200bdac6a7d0f357a8245d90f68c63108aea1d142b06ec9872b1513f19ad
                                • Opcode Fuzzy Hash: 470d452dc9b75e2d8234488db876d1ee63d5bef07f3abcfc487380b57a116601
                                • Instruction Fuzzy Hash: 3731E0B4C01258DFDB20DF9AD889B8EBFF5BB08310F24846AE408BB250D3B55945CFA1
                                Function 08586FA0 Relevance: .1, Instructions: 71COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db7ad4b0335b159641efed786595d039b2f210d0afcef9bf7a7e7d3bf06bd859
                                • Instruction ID: c920a54f93ed92cb16a7e49bb2eb070d63de194fae973e3a3ce2b094a224c2d6
                                • Opcode Fuzzy Hash: db7ad4b0335b159641efed786595d039b2f210d0afcef9bf7a7e7d3bf06bd859
                                • Instruction Fuzzy Hash: 3611C43470A384EFCB06DB748C165AD7FF5DE4312172544EBE848DB253E9259D0AC762
                                Function 08585748 Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5eedcf05b157f109e5711cc2d950c3f1d224a0cfd93228ba55db940e86c747c5
                                • Instruction ID: bc9bbe425d4d29dd65b839bd931cbd717c7951dfcde57076cb518906951a04f7
                                • Opcode Fuzzy Hash: 5eedcf05b157f109e5711cc2d950c3f1d224a0cfd93228ba55db940e86c747c5
                                • Instruction Fuzzy Hash: 9331C2B0D01218DFDB20DF9AC588B8EBBF5BB08314F14846AE404BB250D7B55945CFA5
                                Function 0135D006 Relevance: .1, Instructions: 60COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411850316.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_135d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c80ce70c0445d3f1dfd58f3bdfecc2b8a45dcc7f2f35eca2ec4e315ccd07f247
                                • Instruction ID: 4b73ad5cfdebd009e1f4fa23566e5fb337b93718527bf2f8182d8483fad6d5b6
                                • Opcode Fuzzy Hash: c80ce70c0445d3f1dfd58f3bdfecc2b8a45dcc7f2f35eca2ec4e315ccd07f247
                                • Instruction Fuzzy Hash: DF21A1755093808FDB03CF64D9D0B15BF71EB45218F28C5EAD8498B6A7C33AD44ACB62
                                Function 08585608 Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d2ee85ac10752c791ed61374c3d7cd57d801d9a0b2e1bcfb01cc1f1f0bdfba69
                                • Instruction ID: a4f735465f2ea2f5d78d625bad798aaabc62126ba0591a6476619b4178247c82
                                • Opcode Fuzzy Hash: d2ee85ac10752c791ed61374c3d7cd57d801d9a0b2e1bcfb01cc1f1f0bdfba69
                                • Instruction Fuzzy Hash: 27114C71B0021ACBDB14FBBA98006EEBBB6BF84211B50407EC505F7340EB318E058BA5
                                Function 0858593C Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ed74eab8be54623ec71fdcdbff6dbd94e9a23b1a0f1ff1a2c02d98f7e15f8271
                                • Instruction ID: 0c0c3d2fcfc18d2b7c8843f88d0a5400b0fc67f2d9991e0df94b009a31422cec
                                • Opcode Fuzzy Hash: ed74eab8be54623ec71fdcdbff6dbd94e9a23b1a0f1ff1a2c02d98f7e15f8271
                                • Instruction Fuzzy Hash: A22103B5800349DFCB10DF9AD884BDEBBF5FB48310F10842AE918A7610D375A955CFA1
                                Function 0858BCD0 Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9e6881a3da21d83b4eb7fe9e5c1bc6cf7f6afcf34010c8fd856633d072b2f2b8
                                • Instruction ID: 4c28295919f02ac0db8d9327e9c254aba603bf8e6512ba2fa5a9fc3a415f2fc1
                                • Opcode Fuzzy Hash: 9e6881a3da21d83b4eb7fe9e5c1bc6cf7f6afcf34010c8fd856633d072b2f2b8
                                • Instruction Fuzzy Hash: A821D0B1D006189BEB18DF9BC9457DEFAF6BFC9301F04C06AD80976264DB7409468FA0
                                Function 0134D3D3 Relevance: .1, Instructions: 56COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411728573.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_134d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                • Instruction ID: a0fac5f81d407c71d83b67405f00cb8470780261b09c09c41e168c52321fb979
                                • Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                • Instruction Fuzzy Hash: CE11CD76404240CFCB02CF54D5C0B56BFA1FB94228F2482A9D8090A656C33AE456CBA1
                                Function 0858BCD8 Relevance: .1, Instructions: 54COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2d49dfeada40d5203bc84f0c857d88c595d45ff6aa88ff95e4007460238612e4
                                • Instruction ID: 19348afcf45f846dc1de55c644ebb7e9f0961416e46de2ac0fd77a474f4af874
                                • Opcode Fuzzy Hash: 2d49dfeada40d5203bc84f0c857d88c595d45ff6aa88ff95e4007460238612e4
                                • Instruction Fuzzy Hash: 4811B0B1D006189BEB18DF9BC9447DEBAF6BFC9301F04C06AD40976264DB7409458FA0
                                Function 0135D1CF Relevance: .1, Instructions: 53COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411850316.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_135d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction ID: fb9a6ec559502f8171399ac5d470e8eae0d2b776e17a017bb42f2bd853523eba
                                • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                • Instruction Fuzzy Hash: 3B11BB75504280DFCB02CF54C5C0B15BBB1FB84628F28C6AEDC494B696C33AD44ACB61
                                Function 0858AEA0 Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6869ee68ae27f23bd407710b2c8408cae4818eea8cce9f5aafb0ab6ca7b03d69
                                • Instruction ID: 815bc4e72209457e0bb0dcfe34d5cd1561e253f284e27c64014d9121535c4f55
                                • Opcode Fuzzy Hash: 6869ee68ae27f23bd407710b2c8408cae4818eea8cce9f5aafb0ab6ca7b03d69
                                • Instruction Fuzzy Hash: A111C375E00219CFCF05CFE8C8809ADBBB2FF48314F20816ADA19AB265D7316956CB51
                                Function 0858E410 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 057ea88d87ddec0b0f6e1104e5a40fffa1c4d4021a4cb885994ba23903fb4fe6
                                • Instruction ID: bd87053ec9517228d24210e9efb23ef8fcc73b82d94f5e8a7e5eb9a804a3fdd4
                                • Opcode Fuzzy Hash: 057ea88d87ddec0b0f6e1104e5a40fffa1c4d4021a4cb885994ba23903fb4fe6
                                • Instruction Fuzzy Hash: 7601F530504259CFDB40FBA5D8457AD77BBFBCA342F008A2AC106AB699EF705805CF52
                                Function 0134D759 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411728573.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_134d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03ed95a37e3f7293354e7a9054380940cdb84455593d2f400a0cfccb16617b13
                                • Instruction ID: 442d2f59900071a000660a3e12a8f727208573033bef65f753d270b2ffa8f621
                                • Opcode Fuzzy Hash: 03ed95a37e3f7293354e7a9054380940cdb84455593d2f400a0cfccb16617b13
                                • Instruction Fuzzy Hash: DE01A2311043849BF710CEAACD84B66BFDCDF51668F18845AED094A287D779A840CAB2
                                Function 085885C0 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 61b302924922ea10803c7da882f16bdf23e823981c2ad75eaf4e64840b6695a7
                                • Instruction ID: 272142a29b6d03b939d9b2d7932275f5de70b681aded4da48bbaa50c0008fa99
                                • Opcode Fuzzy Hash: 61b302924922ea10803c7da882f16bdf23e823981c2ad75eaf4e64840b6695a7
                                • Instruction Fuzzy Hash: 2A01D6B8E04209DFCB44EFA9C9406AEBBF5FB49201F5085AAC819F3345E731AA01CB51
                                Function 0858CA78 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ea9bed74d7e877ec20cb9958137142906d209b3698fc2cab1233c9c50d51db5e
                                • Instruction ID: 8a559b2a038c3b1f5b8b037afe24bdbfd42110091000d1df5a55e67ff5eb7433
                                • Opcode Fuzzy Hash: ea9bed74d7e877ec20cb9958137142906d209b3698fc2cab1233c9c50d51db5e
                                • Instruction Fuzzy Hash: 39F04F70908208DBD744EF56D5409BCB7BABB4A302F08D9AAD4096B211D7309E04DB60
                                Function 08586C18 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fc6fe80ad7cd25af8714f5ecff907514a9d40141d875ca3b5b38a572d227de6c
                                • Instruction ID: f69a704f8a0bc288b1b80ad9274e11a55303e6f157cba69f5aac0e129b678bc8
                                • Opcode Fuzzy Hash: fc6fe80ad7cd25af8714f5ecff907514a9d40141d875ca3b5b38a572d227de6c
                                • Instruction Fuzzy Hash: 6F017C74D0524ADFCB15CFA8C9456AEBFF1FB0A311F2445AAC814E7782D7314A05DB12
                                Function 085832C2 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a2ea66142a40faeff690ee51623a4c4cb9db6df13ca8895d31af87eaaa3d6fa6
                                • Instruction ID: c6b0e386e0daba2729d61e9f60f82e54bf0e992dbe215c7e34605ac87f1a5391
                                • Opcode Fuzzy Hash: a2ea66142a40faeff690ee51623a4c4cb9db6df13ca8895d31af87eaaa3d6fa6
                                • Instruction Fuzzy Hash: 2201A2749092559FCB12DFA8C40069DBBF1FF07315F1445CEC894AB382CB359A05CB41
                                Function 0858BE7E Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5470e0f7ff17517cfc3c360a67670f84de420b95a2de78ae20dd938e6b6901e4
                                • Instruction ID: c2d3937ecab5fd0e1b3fc1c001a1cabe0561d5f250e0aa7032eb096978eae221
                                • Opcode Fuzzy Hash: 5470e0f7ff17517cfc3c360a67670f84de420b95a2de78ae20dd938e6b6901e4
                                • Instruction Fuzzy Hash: AF010834908259CFCB14DFA4C984AA8B7B6FF4A312F1045A9D40ABB355D7349D45CF11
                                Function 085885B0 Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c9fe0b6e2e2fa9706c91cb7a9f6841d8a3501ce829d02262653e47a82d60da7d
                                • Instruction ID: 9c313828675b08b36f88aad282693baec9cc4e039c576eea6e741619609f0575
                                • Opcode Fuzzy Hash: c9fe0b6e2e2fa9706c91cb7a9f6841d8a3501ce829d02262653e47a82d60da7d
                                • Instruction Fuzzy Hash: 3E018F749052499FCB01DFA8C90069EBBF1FF46211F6485AEC854E7341D7359A41CB51
                                Function 08586055 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5a1b70669ec5c46c9c6b9834a3ea46c1884027fa8544cda045a1248e5c86998c
                                • Instruction ID: c7e250003579c59052ead76861c39051c5562eeaacfe768612bc115407588919
                                • Opcode Fuzzy Hash: 5a1b70669ec5c46c9c6b9834a3ea46c1884027fa8544cda045a1248e5c86998c
                                • Instruction Fuzzy Hash: C4011A70800219DFDB24DF69C8097AE7AF1FF58362F14866AE424AB1A0D3754A84CBD5
                                Function 085843B0 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fceea1b5d3632bcd5d44a27adbff75f29b11c99fd3b76fa131a9c92cb64ed87e
                                • Instruction ID: a038bdc97d53b6d79e8ce58256180979ae31ed0c65233e1ecceef57121794f13
                                • Opcode Fuzzy Hash: fceea1b5d3632bcd5d44a27adbff75f29b11c99fd3b76fa131a9c92cb64ed87e
                                • Instruction Fuzzy Hash: 6C01DC78D0930ACFCB05CFA8C8405AEBBB0FB0A301F2484AED864A3351D7344A02DB11
                                Function 08585898 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 59a19781ac8ad6929b2da025187b298757255c77cbb4c28d2789703507c12820
                                • Instruction ID: 2de376a41d0f341b9690d723e07b9e40b308b3144a62f8a1ceffa0ecb4c364c0
                                • Opcode Fuzzy Hash: 59a19781ac8ad6929b2da025187b298757255c77cbb4c28d2789703507c12820
                                • Instruction Fuzzy Hash: 0EF0F83646E3A2ABF7027F7CA8B13DE7F62AE93225B048893C0904D053D515449DC6EF
                                Function 08583D21 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6fa7434a20840c44af293dec97b68e71ebdbaf36e3ef588375ddb76ca370a1f6
                                • Instruction ID: 1f4498edb8119cbf05e89a603ea0432634b23c680d34d923c37b8a2e73defef2
                                • Opcode Fuzzy Hash: 6fa7434a20840c44af293dec97b68e71ebdbaf36e3ef588375ddb76ca370a1f6
                                • Instruction Fuzzy Hash: F201EF74D0A648EFCB55EFB9C8416ADBFB1FB0A201F0489EAC419E3311E3305A40CB41
                                Function 08587F41 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6914cbd5fd5c70f60527605d2bae74177e91e1f15c0b0e4064bbad8cb8334f66
                                • Instruction ID: 05b28aef1f59aa005e93a5e5cdafc675926d39d59b1a890c29086c2a02e1903c
                                • Opcode Fuzzy Hash: 6914cbd5fd5c70f60527605d2bae74177e91e1f15c0b0e4064bbad8cb8334f66
                                • Instruction Fuzzy Hash: 68018C74D0934ADFCB05DFA9C5006ADBBB5FF4A311F2485AAD814E7242E7344A01DB11
                                Function 08587049 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b5afcb3d6de1638c6e1978c0de61d68108b7f1bebe361e63ce3ca580cb11e63a
                                • Instruction ID: 40e743bbd58f5f94f85bf3b4714dbbe0989af6733833fbd632883994ee4c84c6
                                • Opcode Fuzzy Hash: b5afcb3d6de1638c6e1978c0de61d68108b7f1bebe361e63ce3ca580cb11e63a
                                • Instruction Fuzzy Hash: 15F0B435508255EFDB06DF68DC4099E7FBAEF45321B2480ABE448DB221E6319850C750
                                Function 085860F0 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b90f43e1a5de187b9c192ed63643a228dbca16692327bc2d95ba1efcbb8287e
                                • Instruction ID: c56efb0a571160d435c6dddb676892f81f0811ee60d27fa836b22d012dfdc3d4
                                • Opcode Fuzzy Hash: 8b90f43e1a5de187b9c192ed63643a228dbca16692327bc2d95ba1efcbb8287e
                                • Instruction Fuzzy Hash: A1F0B4757082616FD315876DDC44D67BBF9FF8923031540AAE548CB322C9308C05C3A0
                                Function 0858C376 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f95f6f5d1714dfd50b746d6a092306a0274691a0c43093902408d7d1d576dc5
                                • Instruction ID: 3ff4a3d78d403550dbee34d0445a11005c461b714677dd6b52591df263f57e35
                                • Opcode Fuzzy Hash: 3f95f6f5d1714dfd50b746d6a092306a0274691a0c43093902408d7d1d576dc5
                                • Instruction Fuzzy Hash: 8D011D30509248CFCB55DF64E591A9CBBBAFF0A212F1459CAD41A7B215C730AC85CF61
                                Function 08588549 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7299ca4c34b011cd7363a7e86d2a46434c933f11c2632b26efe26a9136aa50f
                                • Instruction ID: 30b9c8cbaa2150ed195d237c6652d1849c802dc9ff121cf313e7874c11eed328
                                • Opcode Fuzzy Hash: a7299ca4c34b011cd7363a7e86d2a46434c933f11c2632b26efe26a9136aa50f
                                • Instruction Fuzzy Hash: 30F0F4B4D09248EFCB44EFB9D9556ADBBF0FF0A202F4088ABD458E7211E3305A44CB41
                                Function 0134D758 Relevance: .0, Instructions: 36COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1411728573.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_134d000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9d9b7c93643571126c7eb7a82e7aea0774c59b29589db5b0f4b8405a2ba378d2
                                • Instruction ID: c70dfbeb9336203f903d674fa4cb9a2ee4160467d300d228904cde517864c5ec
                                • Opcode Fuzzy Hash: 9d9b7c93643571126c7eb7a82e7aea0774c59b29589db5b0f4b8405a2ba378d2
                                • Instruction Fuzzy Hash: C8F062714043849FEB118E5ADD84B62FFE8EF51629F18C45AED084A287C379A844CAB1
                                Function 08586060 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eeab4c7062a8d8538eb594d08d265a266b3c3a51274ada4b4b545f772e1d3127
                                • Instruction ID: df6255b611a91ea90dc30eb2238deb0aa1e2de735fd2b475ce9e5eaf0d8de6df
                                • Opcode Fuzzy Hash: eeab4c7062a8d8538eb594d08d265a266b3c3a51274ada4b4b545f772e1d3127
                                • Instruction Fuzzy Hash: 8501FB70800219DFDB14DF6AC8087AEBAF1FF48351F10862AE424AB290D7754A44CFD4
                                Function 0858A3D8 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ffe8022c5b45e83b7d2a25aef96c3f8e2028d66e7b27af2f9bf349b1b3df1e45
                                • Instruction ID: c4144d776cfaeddd32b0977267d963f8d41fe544c5052d4d550bc6c06bcde5d5
                                • Opcode Fuzzy Hash: ffe8022c5b45e83b7d2a25aef96c3f8e2028d66e7b27af2f9bf349b1b3df1e45
                                • Instruction Fuzzy Hash: D8F0273504E3E55FCB17ABB46D195A53F70AB03112B180ADFD889D70E3D6190956C763
                                Function 08586100 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 21b8f4c7e88d13b6d23e0a4cfd2ea897ad16d228d7cbc045762adaa6e5d83ae1
                                • Instruction ID: b51598a5481a102cf1d847ff347014529f55532c686736e31d17e87ac94f438d
                                • Opcode Fuzzy Hash: 21b8f4c7e88d13b6d23e0a4cfd2ea897ad16d228d7cbc045762adaa6e5d83ae1
                                • Instruction Fuzzy Hash: 83E06D727002286F9304DAAEDC84D6BBBEEFBCC674311807AF908C7310D931AC00C6A0
                                Function 085883D8 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8c82e0e8aa880eedbad63d06e569b7aaaaf96dbb652c845b03ac3d6c59268601
                                • Instruction ID: 1409ba7e95418a59f13c52e6e3424b2c97a45c922e55cd0508974ea5ff694907
                                • Opcode Fuzzy Hash: 8c82e0e8aa880eedbad63d06e569b7aaaaf96dbb652c845b03ac3d6c59268601
                                • Instruction Fuzzy Hash: 44F0C2B8904256DFDB14CF68C441BAEBFB0FF09325F14499ED524DB342C77481058B90
                                Function 0858867A Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dbbadcd334ac158b56c6df37902369f4afe8fac7b2554abe4d8c9de198644a21
                                • Instruction ID: 4599f02f1c61c9b998e6b2d96e075b1b02ab69399d539cade8255853d0fc591e
                                • Opcode Fuzzy Hash: dbbadcd334ac158b56c6df37902369f4afe8fac7b2554abe4d8c9de198644a21
                                • Instruction Fuzzy Hash: D4F0D470E0A248EFCB55EFB9D44469DBFB1FB0A211F6489EAC458E3211E2345A54CB16
                                Function 0858BD8C Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b9fac1e1302d6106b75647910cdcb6f0012df66e48175e1261318e222182823
                                • Instruction ID: 0ebf0976300dddf21f204182677134737e590f1d8818f707a0a971247e67a801
                                • Opcode Fuzzy Hash: 8b9fac1e1302d6106b75647910cdcb6f0012df66e48175e1261318e222182823
                                • Instruction Fuzzy Hash: 7CF01775A09248CFDB54DFA4E580AACB7B6FB0A302F105486D40ABB319C730AD81CF61
                                Function 085883E8 Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cc60066d47c3d27f2a9fe55be25d980e31be23994fccc2bcb83e8ac3290b3ef2
                                • Instruction ID: a971ffb6f3657621288086f4b16a41444a7bd09cc62c335e4188786e5329a16a
                                • Opcode Fuzzy Hash: cc60066d47c3d27f2a9fe55be25d980e31be23994fccc2bcb83e8ac3290b3ef2
                                • Instruction Fuzzy Hash: 4AF0DAB5D0420ADFDB44EFA9D841AAEBBF4FB48204F5089AAD918E7311D77095048B91
                                Function 0858F8C0 Relevance: .0, Instructions: 23COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d0b69c0e4211a8fe28d9203130cfe34f584d741737157cd8ffb9be2c4fc11a71
                                • Instruction ID: 4e74aefe7c85e1420c20c319aba9f67480ba7cbdd57fe9ef07aa57f7251f5495
                                • Opcode Fuzzy Hash: d0b69c0e4211a8fe28d9203130cfe34f584d741737157cd8ffb9be2c4fc11a71
                                • Instruction Fuzzy Hash: D6F0C975D0020CEFCB44EFA9D404A9DBBB5EB49301F10C1AAD918A3354DA745A54DF51
                                Function 08584E90 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 37f6199dd91a13b7bbefdb095fa71a5d03c56bcd8708062424e0af87ce303c5d
                                • Instruction ID: e543a126ac8cd06b146e439873231561ce4d82463a70bf22f664aa508b9c2905
                                • Opcode Fuzzy Hash: 37f6199dd91a13b7bbefdb095fa71a5d03c56bcd8708062424e0af87ce303c5d
                                • Instruction Fuzzy Hash: 7CE0EC3590520DDBDB14FBB4D444AAD76B4BB06206F50459AC80573350D7715A889796
                                Function 0858BF4F Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 63dc54a8c0c725bd1ee97388e9f4a65c506edd94e861e521d3f3327d3797345a
                                • Instruction ID: e6be256c288558898e724cc8e6fe7ccfdf587c874dc68e267c3524fa56a93c50
                                • Opcode Fuzzy Hash: 63dc54a8c0c725bd1ee97388e9f4a65c506edd94e861e521d3f3327d3797345a
                                • Instruction Fuzzy Hash: 9AE09230908158CFD750DF28D444DA87B3AFF06201F0151E6C88A2B16AC730A940CF16
                                Function 08588380 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 93c4b104e1cb33962f4b1b41ad99f20b85e8d744722e63f7093c562cb5dd7674
                                • Instruction ID: 56e7411ea26772f590c98dc5f7007d12ba069f2cac62a6cd07658093e5f40685
                                • Opcode Fuzzy Hash: 93c4b104e1cb33962f4b1b41ad99f20b85e8d744722e63f7093c562cb5dd7674
                                • Instruction Fuzzy Hash: BDE0927095424ACFC710DB68CA09A8DBFB1FF08225F648699D024EB662C67941058B40
                                Function 08585FBD Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 92f4b9b7bffff11b2e5f20ca72cedeecddbf42a81f393ff34f111e61bcce31dd
                                • Instruction ID: 9e7bf6e3fc111bee332a2826e27b491f365552877fba99ae0437a34cec6a98a2
                                • Opcode Fuzzy Hash: 92f4b9b7bffff11b2e5f20ca72cedeecddbf42a81f393ff34f111e61bcce31dd
                                • Instruction Fuzzy Hash: 2FE0C2B2C04228CBCB20EFA8E9051DFFF71EF04621B014A5AE9527B004D3700A21CBC0
                                Function 08588390 Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 120b182eefea4c555981c46927ef74956bdc57a7fc4c6daa89c76a3bbee67d9f
                                • Instruction ID: b85a826701692e0d1f7fbc648263eaa6e2f545a09c1485fc1fe2b68735ea937e
                                • Opcode Fuzzy Hash: 120b182eefea4c555981c46927ef74956bdc57a7fc4c6daa89c76a3bbee67d9f
                                • Instruction Fuzzy Hash: F6E0B6B0D4420ADFD740EFB9CA05A5EBBF1BF08200F6189BAD019E7251EBB496048F91
                                Function 08585FC8 Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction ID: f3d20c7c644753c64bde6edc64c1cf518dfc97c493e709b8cc591101fc7e680f
                                • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction Fuzzy Hash: 45D09E72D00139D78B10AFE9DC054DFFF79EF05651B418126E955AB100E3715A21DBD1
                                Function 0858A4A0 Relevance: .0, Instructions: 15COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b559747fa964f757ffa8ce0b7d4376755ca59990d4bd0222aad6497cfafddf60
                                • Instruction ID: de20f46cb628fc21607785a5158de16127f3c781167cbdbb9cace1fe200c8e52
                                • Opcode Fuzzy Hash: b559747fa964f757ffa8ce0b7d4376755ca59990d4bd0222aad6497cfafddf60
                                • Instruction Fuzzy Hash: 63D0A92000E3C66FD34676B9986CAD43FA18B0B302F0A18EF8489CA423D6260406CB36
                                Function 08588488 Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2d245229d868c5accdd931152eeea2b34a01c8cc5a1066d21b74b0f4044bcfe0
                                • Instruction ID: e6375569c3ed8876036427d8a35207e1284e98195ef233179def0bd3bb680f00
                                • Opcode Fuzzy Hash: 2d245229d868c5accdd931152eeea2b34a01c8cc5a1066d21b74b0f4044bcfe0
                                • Instruction Fuzzy Hash: D5D0123715010CDE4B40FE95EC40D5377DCFB586007408433E544DB231E621E438D791
                                Function 085855D0 Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b443c731976da6d3fb556e63d3e8edb402abc9baf387966647ee2b90d322ce5d
                                • Instruction ID: 898a8b925cc6ce734112891ac9554b02f5a0192ad426e2a10caf434396b755af
                                • Opcode Fuzzy Hash: b443c731976da6d3fb556e63d3e8edb402abc9baf387966647ee2b90d322ce5d
                                • Instruction Fuzzy Hash: FCD0A92900E2C05FC303A3208804C08BFB1AE9651270A84C7D2C4CE033D010882CD726
                                Function 0858A420 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8e24d36bcebc8dade38b564ddeaff6e40f033bdc008a82cb054046a277a3974e
                                • Instruction ID: 4398f5eb848562fb2f2df108fff38414ea037a4e3f9359c18104ae1ee727b060
                                • Opcode Fuzzy Hash: 8e24d36bcebc8dade38b564ddeaff6e40f033bdc008a82cb054046a277a3974e
                                • Instruction Fuzzy Hash: FCD0A93600AB85CFD702BB64A40C2A07EB0BB03203F4800AAE18D85472EAE08844CB13
                                Function 0858C41F Relevance: .0, Instructions: 11COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 797b5cb5d44b226f51cd522f3565e1b1c67b3d0996dc3ee7059eaa76f5cb6bbd
                                • Instruction ID: a33a6e7125e44479ece735142bd81e47e81a13d59cd0f6ab75be143ffad35ce5
                                • Opcode Fuzzy Hash: 797b5cb5d44b226f51cd522f3565e1b1c67b3d0996dc3ee7059eaa76f5cb6bbd
                                • Instruction Fuzzy Hash: D7D01274908218CFCB44DF41C9417B97B76FB8D342F009452D81E72224C7300D418F60
                                Function 0858A430 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 56e22fbc5b3afc37d459ff0bedb93b2088146cd5b02f951243817ab0f7d696b4
                                • Instruction ID: 84a6f7e6ff7d2c6c2e3d79a2ec952a35416eec5a42b67ae010a4b8ba24e6d1b8
                                • Opcode Fuzzy Hash: 56e22fbc5b3afc37d459ff0bedb93b2088146cd5b02f951243817ab0f7d696b4
                                • Instruction Fuzzy Hash: E4C08C320026088FE6143BAAA50D76432A8A703203F840019D60E404216BA04410CB67
                                Function 0858A654 Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 89cd42d694cd2c37745c9f7c530b8efbed05ad86e069fd881589b40ad22a0776
                                • Instruction ID: 7816723348d0c80e441ec87732526a0cc7a910c111c3075397897035d7b2cb24
                                • Opcode Fuzzy Hash: 89cd42d694cd2c37745c9f7c530b8efbed05ad86e069fd881589b40ad22a0776
                                • Instruction Fuzzy Hash: 44D0C970914329CFDB52DF15D844BA9B7B7BB48301F008199800962204D7301E84CF92
                                Function 085858E4 Relevance: .0, Instructions: 8COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000009.00000002.1439278032.0000000008580000.00000040.00000800.00020000.00000000.sdmp, Offset: 08580000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_9_2_8580000_mWrixkEbVc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d0e4a34463a2f26cd1b0f5f16df66fb3e47b81ef1dad11e3c1d376a053bc351
                                • Instruction ID: e04ca1005f6e7b5052e2419f22c260d7197e32efead353977af80e6cd1deca26
                                • Opcode Fuzzy Hash: 7d0e4a34463a2f26cd1b0f5f16df66fb3e47b81ef1dad11e3c1d376a053bc351
                                • Instruction Fuzzy Hash: E1B01239165601F39004B3F04C40B2F7602FBFA712BA08C0372166100094714428D62B

                                Execution Graph

                                Execution Coverage:9.5%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:360
                                Total number of Limit Nodes:17
                                execution_graph 44132 18d4668 44133 18d467a 44132->44133 44134 18d4686 44133->44134 44138 18d4779 44133->44138 44143 18d3e34 44134->44143 44136 18d46a5 44139 18d479d 44138->44139 44147 18d4879 44139->44147 44151 18d4888 44139->44151 44144 18d3e3f 44143->44144 44159 18d5c44 44144->44159 44146 18d7018 44146->44136 44149 18d48af 44147->44149 44148 18d498c 44148->44148 44149->44148 44155 18d44b4 44149->44155 44153 18d48af 44151->44153 44152 18d498c 44152->44152 44153->44152 44154 18d44b4 CreateActCtxA 44153->44154 44154->44152 44156 18d5918 CreateActCtxA 44155->44156 44158 18d59db 44156->44158 44158->44158 44160 18d5c4f 44159->44160 44163 18d5c64 44160->44163 44162 18d70bd 44162->44146 44164 18d5c6f 44163->44164 44167 18d5c94 44164->44167 44166 18d719a 44166->44162 44168 18d5c9f 44167->44168 44171 18d5cc4 44168->44171 44170 18d728d 44170->44166 44172 18d5ccf 44171->44172 44174 18d858b 44172->44174 44177 18dac3a 44172->44177 44173 18d85c9 44173->44170 44174->44173 44181 18dcd29 44174->44181 44186 18dac5f 44177->44186 44190 18dac70 44177->44190 44178 18dac4e 44178->44174 44182 18dcd59 44181->44182 44183 18dcd7d 44182->44183 44198 18dcee8 44182->44198 44202 18dcee4 44182->44202 44183->44173 44187 18dac70 44186->44187 44193 18dad68 44187->44193 44188 18dac7f 44188->44178 44192 18dad68 GetModuleHandleW 44190->44192 44191 18dac7f 44191->44178 44192->44191 44194 18dad9c 44193->44194 44195 18dad79 44193->44195 44194->44188 44195->44194 44196 18dafa0 GetModuleHandleW 44195->44196 44197 18dafcd 44196->44197 44197->44188 44199 18dcef5 44198->44199 44201 18dcf2f 44199->44201 44206 18dbaa0 44199->44206 44201->44183 44203 18dcee8 44202->44203 44204 18dcf2f 44203->44204 44205 18dbaa0 GetModuleHandleW 44203->44205 44204->44183 44205->44204 44207 18dbaab 44206->44207 44209 18ddc48 44207->44209 44210 18dd29c 44207->44210 44209->44209 44211 18dd2a7 44210->44211 44212 18d5cc4 GetModuleHandleW 44211->44212 44213 18ddcb7 44212->44213 44213->44209 44214 76a188c 44215 76a1896 44214->44215 44217 76a196f 44214->44217 44216 76a199d 44217->44216 44222 76a3528 44217->44222 44240 76a3524 44217->44240 44258 76a358e 44217->44258 44277 76a3518 44217->44277 44223 76a3542 44222->44223 44232 76a354a 44223->44232 44296 76a3ceb 44223->44296 44301 76a4174 44223->44301 44306 76a3e72 44223->44306 44311 76a3a9d 44223->44311 44318 76a3b5d 44223->44318 44323 76a3d1c 44223->44323 44328 76a427f 44223->44328 44332 76a3959 44223->44332 44337 76a3b24 44223->44337 44342 76a3e03 44223->44342 44347 76a3d03 44223->44347 44352 76a3bcd 44223->44352 44360 76a3baf 44223->44360 44365 76a410f 44223->44365 44370 76a3a8f 44223->44370 44232->44216 44241 76a3542 44240->44241 44242 76a3ceb 2 API calls 44241->44242 44243 76a3a8f 2 API calls 44241->44243 44244 76a410f 2 API calls 44241->44244 44245 76a3baf 2 API calls 44241->44245 44246 76a3bcd 4 API calls 44241->44246 44247 76a3d03 2 API calls 44241->44247 44248 76a3e03 2 API calls 44241->44248 44249 76a3b24 2 API calls 44241->44249 44250 76a354a 44241->44250 44251 76a3959 2 API calls 44241->44251 44252 76a427f 2 API calls 44241->44252 44253 76a3d1c 2 API calls 44241->44253 44254 76a3b5d 2 API calls 44241->44254 44255 76a3a9d 4 API calls 44241->44255 44256 76a3e72 2 API calls 44241->44256 44257 76a4174 2 API calls 44241->44257 44242->44250 44243->44250 44244->44250 44245->44250 44246->44250 44247->44250 44248->44250 44249->44250 44250->44216 44251->44250 44252->44250 44253->44250 44254->44250 44255->44250 44256->44250 44257->44250 44259 76a3591 44258->44259 44260 76a351c 44258->44260 44259->44216 44261 76a354a 44260->44261 44262 76a3ceb 2 API calls 44260->44262 44263 76a3a8f 2 API calls 44260->44263 44264 76a410f 2 API calls 44260->44264 44265 76a3baf 2 API calls 44260->44265 44266 76a3bcd 4 API calls 44260->44266 44267 76a3d03 2 API calls 44260->44267 44268 76a3e03 2 API calls 44260->44268 44269 76a3b24 2 API calls 44260->44269 44270 76a3959 2 API calls 44260->44270 44271 76a427f 2 API calls 44260->44271 44272 76a3d1c 2 API calls 44260->44272 44273 76a3b5d 2 API calls 44260->44273 44274 76a3a9d 4 API calls 44260->44274 44275 76a3e72 2 API calls 44260->44275 44276 76a4174 2 API calls 44260->44276 44261->44216 44262->44261 44263->44261 44264->44261 44265->44261 44266->44261 44267->44261 44268->44261 44269->44261 44270->44261 44271->44261 44272->44261 44273->44261 44274->44261 44275->44261 44276->44261 44278 76a3524 12 API calls 44277->44278 44279 76a351f 44278->44279 44280 76a3ceb 2 API calls 44279->44280 44281 76a3a8f 2 API calls 44279->44281 44282 76a410f 2 API calls 44279->44282 44283 76a3baf 2 API calls 44279->44283 44284 76a3bcd 4 API calls 44279->44284 44285 76a3d03 2 API calls 44279->44285 44286 76a3e03 2 API calls 44279->44286 44287 76a3b24 2 API calls 44279->44287 44288 76a354a 44279->44288 44289 76a3959 2 API calls 44279->44289 44290 76a427f 2 API calls 44279->44290 44291 76a3d1c 2 API calls 44279->44291 44292 76a3b5d 2 API calls 44279->44292 44293 76a3a9d 4 API calls 44279->44293 44294 76a3e72 2 API calls 44279->44294 44295 76a4174 2 API calls 44279->44295 44280->44288 44281->44288 44282->44288 44283->44288 44284->44288 44285->44288 44286->44288 44287->44288 44288->44216 44289->44288 44290->44288 44291->44288 44292->44288 44293->44288 44294->44288 44295->44288 44297 76a41e4 44296->44297 44375 76a10d8 44297->44375 44379 76a10d1 44297->44379 44298 76a4202 44302 76a3bc6 44301->44302 44383 76a0b18 44302->44383 44387 76a0b10 44302->44387 44303 76a4337 44307 76a3e78 44306->44307 44391 76a1198 44307->44391 44395 76a1190 44307->44395 44308 76a3eb1 44314 76a1198 WriteProcessMemory 44311->44314 44315 76a1190 WriteProcessMemory 44311->44315 44312 76a3a79 44313 76a3a97 44312->44313 44399 76a0bc8 44312->44399 44403 76a0bc0 44312->44403 44314->44312 44315->44312 44320 76a3a85 44318->44320 44319 76a3a97 44320->44319 44321 76a0bc8 Wow64SetThreadContext 44320->44321 44322 76a0bc0 Wow64SetThreadContext 44320->44322 44321->44320 44322->44320 44324 76a3a85 44323->44324 44324->44323 44325 76a3a97 44324->44325 44326 76a0bc8 Wow64SetThreadContext 44324->44326 44327 76a0bc0 Wow64SetThreadContext 44324->44327 44326->44324 44327->44324 44330 76a1198 WriteProcessMemory 44328->44330 44331 76a1190 WriteProcessMemory 44328->44331 44329 76a42b2 44330->44329 44331->44329 44333 76a3969 44332->44333 44407 76a1415 44333->44407 44411 76a1420 44333->44411 44338 76a3e90 44337->44338 44340 76a1198 WriteProcessMemory 44338->44340 44341 76a1190 WriteProcessMemory 44338->44341 44339 76a3eb1 44340->44339 44341->44339 44343 76a3e0c 44342->44343 44345 76a1198 WriteProcessMemory 44343->44345 44346 76a1190 WriteProcessMemory 44343->44346 44344 76a3eb1 44345->44344 44346->44344 44348 76a4116 44347->44348 44349 76a4138 44348->44349 44415 76a1288 44348->44415 44419 76a1280 44348->44419 44353 76a3bda 44352->44353 44354 76a3c71 44352->44354 44358 76a0bc8 Wow64SetThreadContext 44353->44358 44359 76a0bc0 Wow64SetThreadContext 44353->44359 44356 76a0b18 ResumeThread 44354->44356 44357 76a0b10 ResumeThread 44354->44357 44355 76a4337 44356->44355 44357->44355 44358->44354 44359->44354 44361 76a3bb5 44360->44361 44363 76a0b18 ResumeThread 44361->44363 44364 76a0b10 ResumeThread 44361->44364 44362 76a4337 44363->44362 44364->44362 44366 76a4115 44365->44366 44368 76a1288 ReadProcessMemory 44366->44368 44369 76a1280 ReadProcessMemory 44366->44369 44367 76a4138 44368->44367 44369->44367 44371 76a3a85 44370->44371 44372 76a3a97 44371->44372 44373 76a0bc8 Wow64SetThreadContext 44371->44373 44374 76a0bc0 Wow64SetThreadContext 44371->44374 44373->44371 44374->44371 44376 76a1118 VirtualAllocEx 44375->44376 44378 76a1155 44376->44378 44378->44298 44380 76a10d8 VirtualAllocEx 44379->44380 44382 76a1155 44380->44382 44382->44298 44384 76a0b58 ResumeThread 44383->44384 44386 76a0b89 44384->44386 44386->44303 44388 76a0b18 ResumeThread 44387->44388 44390 76a0b89 44388->44390 44390->44303 44392 76a11e0 WriteProcessMemory 44391->44392 44394 76a1237 44392->44394 44394->44308 44396 76a1198 WriteProcessMemory 44395->44396 44398 76a1237 44396->44398 44398->44308 44400 76a0c0d Wow64SetThreadContext 44399->44400 44402 76a0c55 44400->44402 44402->44312 44404 76a0bc7 Wow64SetThreadContext 44403->44404 44406 76a0c55 44404->44406 44406->44312 44408 76a1420 CreateProcessA 44407->44408 44410 76a166b 44408->44410 44410->44410 44412 76a14a9 44411->44412 44412->44412 44413 76a160e CreateProcessA 44412->44413 44414 76a166b 44413->44414 44416 76a12d3 ReadProcessMemory 44415->44416 44418 76a1317 44416->44418 44418->44349 44420 76a1287 ReadProcessMemory 44419->44420 44422 76a1317 44420->44422 44422->44349 43986 76a46e0 43987 76a486b 43986->43987 43988 76a4706 43986->43988 43988->43987 43991 76a4958 43988->43991 43994 76a4960 PostMessageW 43988->43994 43992 76a4960 PostMessageW 43991->43992 43993 76a49cc 43992->43993 43993->43988 43995 76a49cc 43994->43995 43995->43988 43996 58c7180 43997 58c71ab 43996->43997 43998 58c71a4 43996->43998 44002 58c71fe 43997->44002 44006 58c5ad4 43997->44006 44001 58c5ad4 GetCurrentThreadId 44003 58c71d2 44001->44003 44003->44002 44010 58c7670 44003->44010 44015 58c753b 44003->44015 44007 58c5adf 44006->44007 44008 58c74ef GetCurrentThreadId 44007->44008 44009 58c71c8 44007->44009 44008->44009 44009->44001 44012 58c7671 44010->44012 44011 58c7713 44011->44002 44012->44011 44020 58c7938 44012->44020 44024 58c7948 44012->44024 44016 58c7542 44015->44016 44017 58c759f 44015->44017 44016->44017 44018 58c7938 DrawTextExW 44016->44018 44019 58c7948 DrawTextExW 44016->44019 44017->44002 44018->44017 44019->44017 44021 58c7944 44020->44021 44023 58c796b 44021->44023 44028 58c2a28 44021->44028 44023->44011 44025 58c7949 44024->44025 44026 58c796b 44025->44026 44027 58c2a28 DrawTextExW 44025->44027 44026->44011 44027->44026 44029 58c2a33 44028->44029 44031 58c44ab 44029->44031 44032 58c2a00 44029->44032 44031->44023 44033 58c2a0b 44032->44033 44037 58c7ff8 44033->44037 44041 58c7feb 44033->44041 44034 58c7fdf 44034->44031 44038 58c8001 44037->44038 44045 58c8030 44038->44045 44039 58c8026 44039->44034 44042 58c8001 44041->44042 44044 58c8030 DrawTextExW 44042->44044 44043 58c8026 44043->44034 44044->44043 44046 58c806a 44045->44046 44047 58c807b 44045->44047 44046->44039 44048 58c8109 44047->44048 44052 58c8770 44047->44052 44058 58c8763 44047->44058 44064 58c86e0 44047->44064 44048->44039 44053 58c8798 44052->44053 44054 58c889e 44053->44054 44070 58c8fb8 44053->44070 44076 58c8f09 44053->44076 44081 58c8f18 44053->44081 44054->44046 44059 58c8798 44058->44059 44060 58c889e 44059->44060 44061 58c8fb8 DrawTextExW 44059->44061 44062 58c8f18 DrawTextExW 44059->44062 44063 58c8f09 DrawTextExW 44059->44063 44060->44046 44061->44060 44062->44060 44063->44060 44065 58c86e5 44064->44065 44066 58c889e 44065->44066 44067 58c8fb8 DrawTextExW 44065->44067 44068 58c8f18 DrawTextExW 44065->44068 44069 58c8f09 DrawTextExW 44065->44069 44066->44046 44067->44066 44068->44066 44069->44066 44071 58c8f7c 44070->44071 44072 58c8fc6 44071->44072 44086 58c9380 44071->44086 44091 58c9371 44071->44091 44072->44054 44073 58c8fa4 44073->44054 44077 58c8f2e 44076->44077 44079 58c9380 DrawTextExW 44077->44079 44080 58c9371 DrawTextExW 44077->44080 44078 58c8fa4 44078->44054 44079->44078 44080->44078 44082 58c8f2e 44081->44082 44084 58c9380 DrawTextExW 44082->44084 44085 58c9371 DrawTextExW 44082->44085 44083 58c8fa4 44083->44054 44084->44083 44085->44083 44096 58c9430 44086->44096 44106 58c93c0 44086->44106 44111 58c93b0 44086->44111 44087 58c939e 44087->44073 44092 58c939e 44091->44092 44093 58c9430 DrawTextExW 44091->44093 44094 58c93b0 DrawTextExW 44091->44094 44095 58c93c0 DrawTextExW 44091->44095 44092->44073 44093->44092 44094->44092 44095->44092 44097 58c9434 44096->44097 44098 58c943d 44097->44098 44101 58c93c4 44097->44101 44099 58c9476 44098->44099 44102 58c8638 DrawTextExW 44098->44102 44099->44087 44100 58c941e 44100->44087 44101->44100 44104 58c9430 DrawTextExW 44101->44104 44105 58c9440 DrawTextExW 44101->44105 44103 58c94e1 44102->44103 44104->44100 44105->44100 44108 58c93c4 44106->44108 44107 58c941e 44107->44087 44108->44107 44109 58c9430 DrawTextExW 44108->44109 44110 58c9440 DrawTextExW 44108->44110 44109->44107 44110->44107 44112 58c93c0 44111->44112 44113 58c941e 44112->44113 44114 58c9430 DrawTextExW 44112->44114 44115 58c9440 DrawTextExW 44112->44115 44113->44087 44114->44113 44115->44113 44126 58c4310 44128 58c4311 44126->44128 44127 58c4345 44128->44127 44129 58c2a28 DrawTextExW 44128->44129 44129->44127 44423 58c4960 44425 58c4961 44423->44425 44424 58c4af0 44425->44424 44428 58c4cef 44425->44428 44432 58c4d00 44425->44432 44429 58c4d10 44428->44429 44430 58c2a28 DrawTextExW 44429->44430 44431 58c4d4c 44430->44431 44431->44424 44433 58c4d10 44432->44433 44434 58c2a28 DrawTextExW 44433->44434 44435 58c4d4c 44434->44435 44435->44424 44116 18dd000 44117 18dd046 GetCurrentProcess 44116->44117 44119 18dd098 GetCurrentThread 44117->44119 44120 18dd091 44117->44120 44121 18dd0ce 44119->44121 44122 18dd0d5 GetCurrentProcess 44119->44122 44120->44119 44121->44122 44125 18dd10b 44122->44125 44123 18dd133 GetCurrentThreadId 44124 18dd164 44123->44124 44125->44123 44130 18dd650 DuplicateHandle 44131 18dd6e6 44130->44131

                                Executed Functions

                                Function 076834B8 Relevance: 3.1, Strings: 2, Instructions: 562COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 44 76834b8-76834e0 46 76834e2 44->46 47 76834e7-76835a3 44->47 46->47 50 76835a8-76835b5 47->50 51 76835a5-76835a6 47->51 50->51 52 76835c7-76835cb 50->52 51->52 53 7683abb-7683afd 52->53 54 76835d1-76835fb 52->54 63 7683b00-7683b04 53->63 57 7683cc8-7683cd4 54->57 58 7683601-7683619 54->58 59 7683cda-7683ce3 57->59 58->59 60 768361f-7683620 58->60 64 7683ce9-7683cf5 59->64 62 7683cae-7683cba 60->62 65 7683cc0-7683cc7 62->65 66 7683625-7683631 62->66 67 7683b0a-7683b10 63->67 68 76836d6-76836da 63->68 77 7683cfb-7683d07 64->77 72 7683638-7683653 66->72 73 7683633 66->73 67->53 69 7683b12-7683b6d 67->69 70 76836ec-76836f2 68->70 71 76836dc-76836ea 68->71 92 7683b6f-7683ba2 69->92 93 7683ba4-7683bce 69->93 75 7683737-768373b 70->75 74 768374a-768377c 71->74 72->64 76 7683659-768367e 72->76 73->72 98 768377e-768378a 74->98 99 76837a6 74->99 78 768373d 75->78 79 76836f4-7683700 75->79 76->77 91 7683684-7683686 76->91 81 7683d0d-7683d14 77->81 82 7683740-7683744 78->82 84 7683702 79->84 85 7683707-768370f 79->85 82->74 87 76836bc-76836d3 82->87 84->85 89 7683711-7683725 85->89 90 7683734 85->90 87->68 95 7683689-7683694 89->95 96 768372b-7683732 89->96 90->75 91->95 107 7683bd7-7683c56 92->107 93->107 95->81 100 768369a-76836b7 95->100 96->78 102 768378c-7683792 98->102 103 7683794-768379a 98->103 105 76837ac-76837d9 99->105 100->82 108 76837a4 102->108 103->108 112 7683828-76838bb 105->112 113 76837db-7683813 105->113 120 7683c5d-7683c70 107->120 108->105 128 76838bd 112->128 129 76838c4-76838c5 112->129 121 7683c7f-7683c84 113->121 120->121 122 7683c9b-7683cab 121->122 123 7683c86-7683c94 121->123 122->62 123->122 128->129 130 7683916-768391c 129->130 131 768391e-76839e0 130->131 132 76838c7-76838e6 130->132 143 7683a21-7683a25 131->143 144 76839e2-7683a1b 131->144 133 76838e8 132->133 134 76838ed-7683913 132->134 133->134 134->130 145 7683a66-7683a6a 143->145 146 7683a27-7683a60 143->146 144->143 147 7683aab-7683aaf 145->147 148 7683a6c-7683aa5 145->148 146->145 147->69 151 7683ab1-7683ab9 147->151 148->147 151->63
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: :$~
                                • API String ID: 0-2431124681
                                • Opcode ID: 8335257d62b6173101652b1eef3cae19ce492080debf4816eb2a27a62958d6ac
                                • Instruction ID: f4b34fb0982bfe7be6dfc5d52f24a8e25196f73ab7600071f8d6af5752aae424
                                • Opcode Fuzzy Hash: 8335257d62b6173101652b1eef3cae19ce492080debf4816eb2a27a62958d6ac
                                • Instruction Fuzzy Hash: 8642FFB5A00218DFDB55DFA9C984B9DBBB2FF89300F1181E9E50AAB361D7319981DF10
                                Function 07682106 Relevance: 1.8, Strings: 1, Instructions: 561COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 153 7682106-768210a 154 768210b-7682120 153->154 155 7682acd-7682add 153->155 154->155 156 7682121-768212c 154->156 158 7682132-768213e 156->158 159 768214a-7682159 158->159 161 76821b8-76821bc 159->161 162 76821c2-76821cb 161->162 163 7682264-76822ce 161->163 164 76821d1-76821e7 162->164 165 76820c6-76820d2 162->165 163->155 201 76822d4-768281b 163->201 171 7682239-768224b 164->171 172 76821e9-76821ec 164->172 165->155 167 76820d8-76820e4 165->167 169 768215b-7682161 167->169 170 76820e6-76820fa 167->170 169->155 173 7682167-768217f 169->173 170->169 180 76820fc-7682105 170->180 181 7682a0c-7682ac2 171->181 182 7682251-7682254 171->182 172->155 175 76821f2-768222f 172->175 173->155 184 7682185-76821ad 173->184 175->163 198 7682231-7682237 175->198 180->153 181->155 185 7682257-7682261 182->185 184->161 198->171 198->172 279 768281d-7682827 201->279 280 7682832-76828c5 201->280 281 768282d 279->281 282 76828d0-7682963 279->282 280->282 283 768296e-7682a01 281->283 282->283 283->181
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: D
                                • API String ID: 0-2746444292
                                • Opcode ID: ba09fdfe0ee6b56a9f5f0db50517b7a143c92f0766e7f5fd597ad0b2f399a24c
                                • Instruction ID: 949327c6d138272b836d838c6ccd47f6f4d449b0354589761154883e1433dd89
                                • Opcode Fuzzy Hash: ba09fdfe0ee6b56a9f5f0db50517b7a143c92f0766e7f5fd597ad0b2f399a24c
                                • Instruction Fuzzy Hash: 1B52A674A002199FDB64DF68D998BADB7B6FF89300F1081D9D50AA7364DB34AE81CF50
                                Function 07684FDF Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 1e39c790903c1bd5298aa2102c426654de5d16b9930c56405ab27d0b9d161df4
                                • Instruction ID: 45c5587cbbf935913d7e8bef6f61717e96b96b91193276c91707917f63f0a187
                                • Opcode Fuzzy Hash: 1e39c790903c1bd5298aa2102c426654de5d16b9930c56405ab27d0b9d161df4
                                • Instruction Fuzzy Hash: 30E191B8E04219CFDB50DFA8C880A9DBBF1FB49210F1485AAD919E7345E7359D86CF50
                                Function 07687EF9 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: ;
                                • API String ID: 0-1661535913
                                • Opcode ID: 17a4559dd4e832b925b9fc7ed6bead986115eec477bc094bdc6d412ed09ddf28
                                • Instruction ID: c371f51585f4f9cfa44039852c7f15b038e497f0ffcb20749345395f363f858c
                                • Opcode Fuzzy Hash: 17a4559dd4e832b925b9fc7ed6bead986115eec477bc094bdc6d412ed09ddf28
                                • Instruction Fuzzy Hash: 8801F9F5D052099FCB52EFFAC5467AE7BB5AB07201F3846A6D806D7341E7318A01CB51
                                Function 07687450 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: m
                                • API String ID: 0-3775001192
                                • Opcode ID: d6ff1400900c4abc2b170a158ac7160b7d47c5f229b030407b3305d95fd720ba
                                • Instruction ID: f400bcf77f1a93c5c5ffc7117f8ee153ecf0105e4be63638dd70179d642be4c1
                                • Opcode Fuzzy Hash: d6ff1400900c4abc2b170a158ac7160b7d47c5f229b030407b3305d95fd720ba
                                • Instruction Fuzzy Hash: EEE0C2B0D0520CDBCB58FFF8D4457AD7BB89B06200F240298C40693340DB310A48CAA1
                                Function 07683348 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: 6
                                • API String ID: 0-498629140
                                • Opcode ID: 2a6a0a5ba97fccd989c091e4c21b2a66c0d8b80b272a86eaf518ea2ae255266a
                                • Instruction ID: fa2cf2536c1cd613145f0d88f7215e39f832d3ec1e881b8c442ebe75e41aeadb
                                • Opcode Fuzzy Hash: 2a6a0a5ba97fccd989c091e4c21b2a66c0d8b80b272a86eaf518ea2ae255266a
                                • Instruction Fuzzy Hash: 09E0C2B0804208EBDF24EFB9D40A7ADBBB8AB0A201F104AA9D40693340EF314A42D741
                                Function 07684038 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID: 7
                                • API String ID: 0-1790921346
                                • Opcode ID: 45f2b7a42fac15a41418c3c431da1a04b86aba4c45b28b0e8fa5d5e11bbf8d91
                                • Instruction ID: e6db38197d471d752fedd2a694073a7c20ac2c4fe6a6de02bd33726cf846ab63
                                • Opcode Fuzzy Hash: 45f2b7a42fac15a41418c3c431da1a04b86aba4c45b28b0e8fa5d5e11bbf8d91
                                • Instruction Fuzzy Hash: EDE0C2B080524DDBCB64FFF4E4057AEBBB8AB06204F500298C40793340EB300A85C642
                                Function 07682C38 Relevance: .4, Instructions: 435COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4c510b9ff1af0eaffb390bdb87438f380678fd7ca562fb929b4ad0a6e1d52b49
                                • Instruction ID: 455e81526e9c72b08bbf0910e0e3376d65ec7eb49eb271f280c6c5614b83d7a2
                                • Opcode Fuzzy Hash: 4c510b9ff1af0eaffb390bdb87438f380678fd7ca562fb929b4ad0a6e1d52b49
                                • Instruction Fuzzy Hash: 5DE1ACB1B102168FCB55EBB9D86867E7BE6BF8A601B144569E407DB360DF70CC42CB90
                                Function 07683D9E Relevance: .2, Instructions: 231COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9e28f80106c9033674eb5674e6accf913e5efd032489e98a9121c0e54f13d415
                                • Instruction ID: c661617fcbb85c933ab78dfe6dae1ec7abdd2d6f4da243d21fa011bf129f7c88
                                • Opcode Fuzzy Hash: 9e28f80106c9033674eb5674e6accf913e5efd032489e98a9121c0e54f13d415
                                • Instruction Fuzzy Hash: 0D91D4B8E042199FDF54DFA9C480AAEFBF2EB89710F10852AD819E7344D7359902CF50
                                Function 07686D37 Relevance: .2, Instructions: 193COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f6cc16fb07a1788d0e6aae48f38cadbaef368a3b0c150b1a82672f442964680d
                                • Instruction ID: 647335542e95e15536cbb7c415d5f558fc981962ae008d3a0a4cf14404fba6e8
                                • Opcode Fuzzy Hash: f6cc16fb07a1788d0e6aae48f38cadbaef368a3b0c150b1a82672f442964680d
                                • Instruction Fuzzy Hash: 9B81A5B5E042199FDF51DFA8C880AAEBBB2FF49304F14856AD909EB302D7319946CF40
                                Function 07686FA0 Relevance: .2, Instructions: 190COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6deffc28d4f071e6c993f76b40a04b7763f39028a208b3017e2da17994c7f12
                                • Instruction ID: c726fee933e264ccdf7ad919721b3757927d0ed45c15e5b46634dafb7c446558
                                • Opcode Fuzzy Hash: e6deffc28d4f071e6c993f76b40a04b7763f39028a208b3017e2da17994c7f12
                                • Instruction Fuzzy Hash: 576105F29083889FCB41DFB4C844ADEBFF5EF46210F1484AAE406EB312D6359805CB61
                                Function 076880EA Relevance: .2, Instructions: 166COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 76af33cc7be5d7bbf6381cd15a47491ee64b8eb703e646d56383364883284d15
                                • Instruction ID: b30432bdf6ce073929b359c1b4713a16fdd5b66912e74be7796699a6d285a446
                                • Opcode Fuzzy Hash: 76af33cc7be5d7bbf6381cd15a47491ee64b8eb703e646d56383364883284d15
                                • Instruction Fuzzy Hash: 8A61ACB8E1421A8FCB50DFA8C980AADFBF1BF49300F648569D849E7305D734A982CF50
                                Function 0768AE30 Relevance: .1, Instructions: 134COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b1b454beb196f03b6c38e11a98bfdab26a3e9d61a9784c2af217b2341f45aca1
                                • Instruction ID: 1d2caf20f0cb4e53bd0ae7e466713d176a4a13b4a3f219071943a7d46e6fac7e
                                • Opcode Fuzzy Hash: b1b454beb196f03b6c38e11a98bfdab26a3e9d61a9784c2af217b2341f45aca1
                                • Instruction Fuzzy Hash: 1A51E8B4D14218CFDB44DFEAC844AEEBBB6BF89300F14D12AD81AAB355DB745806CB50
                                Function 0768C6D8 Relevance: .1, Instructions: 132COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a13284d49eac515f70928e41d6d361ecdb91e25b8f46eec2a8a3638118818b9f
                                • Instruction ID: f1e36a10d4a1135522182ddcf05817713d3c87d8ba1eefe556da9986a7c9757a
                                • Opcode Fuzzy Hash: a13284d49eac515f70928e41d6d361ecdb91e25b8f46eec2a8a3638118818b9f
                                • Instruction Fuzzy Hash: 9A51F6F0958209DFCB84EFA9C5855EDBBBABB4E301F149695D40AA7201D7349942CFB0
                                Function 076886E0 Relevance: .1, Instructions: 114COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dee8de2eba4e759de2600f76442d14090e91e796837a222759535d8d35bb7ed7
                                • Instruction ID: daf2d947fedff7bec2e96e33ec67fadb4bba79f5509f0ab37cafcf68407b7657
                                • Opcode Fuzzy Hash: dee8de2eba4e759de2600f76442d14090e91e796837a222759535d8d35bb7ed7
                                • Instruction Fuzzy Hash: 6941F8B8E1021ADFDB54DFA8D880AAEB7F1EB89310F50856AD916E7340DB359D42CB50
                                Function 0768AE20 Relevance: .1, Instructions: 109COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a7a7f01d3ff85f305b09f6c3e39084820a046f30fc0dbd60aaa21488c468f601
                                • Instruction ID: 6cdc383b640bab9bee114f0107cc1a19d007e9e91e5ec3622b11e8dc7eefe8d3
                                • Opcode Fuzzy Hash: a7a7f01d3ff85f305b09f6c3e39084820a046f30fc0dbd60aaa21488c468f601
                                • Instruction Fuzzy Hash: 27412BB4D18248CFDB44DFE6C8446EEBBB6BF8A300F14D12AD41AAB355DB744906CB50
                                Function 076886CF Relevance: .1, Instructions: 108COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a3db806fb94b1581578152b6944451cfe39e6a110bf86d9a271d170aaf5d4095
                                • Instruction ID: d34639d437cd90b3961658181125f307344e895d25cec6dbbba5da8b3120485b
                                • Opcode Fuzzy Hash: a3db806fb94b1581578152b6944451cfe39e6a110bf86d9a271d170aaf5d4095
                                • Instruction Fuzzy Hash: 49417FB8E10206DFDB44DFA8C880AAEBBF1EF89310F50856AD915E7350D7359D42CB54
                                Function 07684428 Relevance: .1, Instructions: 107COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 19988a0230b201141751b0865cc0897e8c20f911a996c3c045ad0cff38fba049
                                • Instruction ID: 048f23f7a0be9300f41df6ed6845ce2ea8f551603ee3271df77912828e19fdc7
                                • Opcode Fuzzy Hash: 19988a0230b201141751b0865cc0897e8c20f911a996c3c045ad0cff38fba049
                                • Instruction Fuzzy Hash: D34107B4E0115ADFCF44DFA8D484AAEBBB2FB89300F10852AE916A7344DB319D02CB51
                                Function 07682FB0 Relevance: .1, Instructions: 106COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ce267ebdb2801f2a1b84f40441b146eff809af215d4285a9cb041d9cbf321f8d
                                • Instruction ID: 3b2780c5d27c63f184bef431b4c50c845014fd2d72d27644c41e82b12a853fab
                                • Opcode Fuzzy Hash: ce267ebdb2801f2a1b84f40441b146eff809af215d4285a9cb041d9cbf321f8d
                                • Instruction Fuzzy Hash: 554113B4E1120A8FCB55DFBAD95A6AEBBF1BF49601B108529E952E3340EF30D901CF50
                                Function 07684417 Relevance: .1, Instructions: 100COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 36f838f2431b46ae3c5b2089d69ff0cb449fdf27ac5f606f347511a6fd86367b
                                • Instruction ID: dcaf3a962dea2470a9c40b9cb6e58dba631d2486783faf0818aae98027906f27
                                • Opcode Fuzzy Hash: 36f838f2431b46ae3c5b2089d69ff0cb449fdf27ac5f606f347511a6fd86367b
                                • Instruction Fuzzy Hash: 834138B4E0014A9FCF44DFA8D484AAEBBB2FB89300F14852AE916A7340DB359D02CF51
                                Function 07684ED8 Relevance: .1, Instructions: 74COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 294c1e7bd18255258be71c69e0e7cfeb9352a0fd46cd45042d1a5852a4c5bea9
                                • Instruction ID: 52ae1cd4f6844cc6c534d559bcf9e89927980b6ee160fc9ca23411f9dd96a338
                                • Opcode Fuzzy Hash: 294c1e7bd18255258be71c69e0e7cfeb9352a0fd46cd45042d1a5852a4c5bea9
                                • Instruction Fuzzy Hash: 01316DB4E1124ADFCB50DFB9D5856EEBBF4AB48200F1485AAE815F3340EB349A41CF60
                                Function 07684EC9 Relevance: .1, Instructions: 72COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3f6385598510230b53e9aa8df039e1eafb20482de42c5d2665142724c9c2f0e1
                                • Instruction ID: ca6452a473b23243ca51d66ff93aa89f2a3d3cec076836fdebbb79db3e11f1d7
                                • Opcode Fuzzy Hash: 3f6385598510230b53e9aa8df039e1eafb20482de42c5d2665142724c9c2f0e1
                                • Instruction Fuzzy Hash: DA31D5B4D0024A8FCB50DFB9C9856EEBFF0EB49210F1485AAD915E7340EB349A41CF91
                                Function 07685748 Relevance: .1, Instructions: 67COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03e7493e56bc72e296712515cabbe5a76715a004c222bcb58a51caed8ad482d0
                                • Instruction ID: c43d5a779abc574d2fb5f3ea37a7e4725e81440af8cb3d02cb0f4c3494c2c305
                                • Opcode Fuzzy Hash: 03e7493e56bc72e296712515cabbe5a76715a004c222bcb58a51caed8ad482d0
                                • Instruction Fuzzy Hash: 0C31E3B0C00318DFDB20DF9AC588B8EBBF5AB08310F148569E816BB241C3B55845CFA5
                                Function 07685608 Relevance: .1, Instructions: 58COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 789d63e58d88785ee055fd05050f5568cb14eb2cd9391992990c712da66efd40
                                • Instruction ID: c957e3fe109b5ddd9bb45078922278bc3233cbcde6bb3b6ad8cbe6f84be9ee3c
                                • Opcode Fuzzy Hash: 789d63e58d88785ee055fd05050f5568cb14eb2cd9391992990c712da66efd40
                                • Instruction Fuzzy Hash: 20114FB1B0020A8BDB54FBB998006EEBBB6AF84311B104179C406F7340EF318E558BA5
                                Function 0768AEA0 Relevance: .1, Instructions: 51COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 523c206f0f22bf61f81661c1bd12b0fcd45a2cb93160c6b8dd3832d80495beae
                                • Instruction ID: 55d1ed67055ffe5b69698af02b27fe33407fdb5200223d0b060d42b693c73ddb
                                • Opcode Fuzzy Hash: 523c206f0f22bf61f81661c1bd12b0fcd45a2cb93160c6b8dd3832d80495beae
                                • Instruction Fuzzy Hash: 2711C375E00209CFCF04CFE8C8849ADBBB2FF48314F21816AE919AB265D731A956DB50
                                Function 0768E410 Relevance: .0, Instructions: 45COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 79afb645f0d2497a4b8cc91fd221756f286eca7b68f1cc7bd50c658174ea8244
                                • Instruction ID: 82ebf1e8e98eaffb0ffae7c39d306ddeea838964b1178421032f60e80db6e77c
                                • Opcode Fuzzy Hash: 79afb645f0d2497a4b8cc91fd221756f286eca7b68f1cc7bd50c658174ea8244
                                • Instruction Fuzzy Hash: 0401F1B0915209CFEB40EBA9D8456AC7BBAFB8A304F00962690169B248DF755C468F52
                                Function 076860F0 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ffd49c4b8f631e90f8ffc25446dae583f43e2d447f7dce24b2c2cc5e886671f1
                                • Instruction ID: 6b48dba2d8e80a478f6e66074ebae49b154f81ebf6b085356f70b76a27b7c981
                                • Opcode Fuzzy Hash: ffd49c4b8f631e90f8ffc25446dae583f43e2d447f7dce24b2c2cc5e886671f1
                                • Instruction Fuzzy Hash: C2F0C2F6B082652F8301966E9C84D67BFE9EBC966035580BEE549CB352E9318C01C2A0
                                Function 07686055 Relevance: .0, Instructions: 41COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d3edeff0831d6289cc51a5a48e91aaead72b93158e13b75658a175c186a1427c
                                • Instruction ID: 6370cf4ffc209e5aada3877e37dd942d990b19a7facb7a79cd32f08827c1620d
                                • Opcode Fuzzy Hash: d3edeff0831d6289cc51a5a48e91aaead72b93158e13b75658a175c186a1427c
                                • Instruction Fuzzy Hash: 7D014CF080021ADFDB10DF69C90479E7FB1FF45754F148669E526AB2A1D7704A84CBD8
                                Function 076885C0 Relevance: .0, Instructions: 40COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8ee04f8d39eec6b913124c6964932d30209d31af02e818b2ded58d8ca9375bb3
                                • Instruction ID: 8d78e9ffa7ffeabac43d387a0cde6fc9ee8f416fdcd1993db2e8f2e3b6cddbe0
                                • Opcode Fuzzy Hash: 8ee04f8d39eec6b913124c6964932d30209d31af02e818b2ded58d8ca9375bb3
                                • Instruction Fuzzy Hash: D401ECB8E1420ADFCB84DFA9C5416AEFBF5FF49300F5085A99819E3341E7359A41CB51
                                Function 076885B3 Relevance: .0, Instructions: 39COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5f134e360522c8c6f1e7c320af30760d6f8a201476e8b026969f54a952d98e14
                                • Instruction ID: 7992ae2d38075d3ab23eb93beb942fbbe7ea70d9bd6b78d210e8ba4f51ef8d00
                                • Opcode Fuzzy Hash: 5f134e360522c8c6f1e7c320af30760d6f8a201476e8b026969f54a952d98e14
                                • Instruction Fuzzy Hash: 9B01FFB8D1110A9FDB84EFA8C5417AEB7F5EF49300F5085AA8915E3341EB359A01CF91
                                Function 0768BE7E Relevance: .0, Instructions: 38COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ba48c7e31a9c4086a26b86226cefb0a552325f7ba277af693963731ccafabc9
                                • Instruction ID: 9b6c317761a869a21ffa1198c7121a3d5f353a8515745f68ab62f958c0a1ff1b
                                • Opcode Fuzzy Hash: 5ba48c7e31a9c4086a26b86226cefb0a552325f7ba277af693963731ccafabc9
                                • Instruction Fuzzy Hash: 5501C5B4918215CFCB64DFA4D994AACBBB6BF4A311F1046A9D40E6B351CB349D46CF10
                                Function 07687F41 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ac4f0ef86c097c7c62f45657e2a10ffdf90b1a483b2db6896098091bb8917f02
                                • Instruction ID: b96fb22da6de28781244fc75b62b4d9a4087ab318e82c11d65ae58fc8f470cbe
                                • Opcode Fuzzy Hash: ac4f0ef86c097c7c62f45657e2a10ffdf90b1a483b2db6896098091bb8917f02
                                • Instruction Fuzzy Hash: DDF03CF4D092499FCB46EFFA85016AEBFF5AB06200F2489BA9405E3301E7708A01CB51
                                Function 07686C28 Relevance: .0, Instructions: 37COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15739da575e658c28237b43dea39646e35485337978ba41269dab833b6a2a27b
                                • Instruction ID: a02e9df28850a44819436121cbea898eec1b74761a8491f9f8abbcc488a9dc94
                                • Opcode Fuzzy Hash: 15739da575e658c28237b43dea39646e35485337978ba41269dab833b6a2a27b
                                • Instruction Fuzzy Hash: D701F6B4D1520A9FCB54DFB9D5026AEBBF4EB09300F1085AA980AE3341EB308A01CF51
                                Function 0768C379 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 11474acefe346633d6109d8d0d1f0579e3658c024d45c2e70d7a47fdbdba6b15
                                • Instruction ID: f06cd9a790af217c00a3a56097b66cb8463ba2768daeea89bbccb34aa82dabd6
                                • Opcode Fuzzy Hash: 11474acefe346633d6109d8d0d1f0579e3658c024d45c2e70d7a47fdbdba6b15
                                • Instruction Fuzzy Hash: EA0144F0519148DFCB64DB64E595AAC7B7AFF0B204F1496C5D41FAB216C730A885CF20
                                Function 076832D0 Relevance: .0, Instructions: 35COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cb1e2d2d08fbcf732a127940273f3206dd8ead841b5a06f6678f65233f93fc17
                                • Instruction ID: 40874acf68a99e55bd28719b70c4e1b751ac64c831910a9a3cb93c1677e210a3
                                • Opcode Fuzzy Hash: cb1e2d2d08fbcf732a127940273f3206dd8ead841b5a06f6678f65233f93fc17
                                • Instruction Fuzzy Hash: 2EF0FFB8E042099FDB44EFB9C5456AEF7F4EB4A304F108599D815E3340DB759A05CF44
                                Function 07686060 Relevance: .0, Instructions: 34COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 60f61f17ed22061a4d111382c63cb3dfa48cf6d5d3883f4ff94b827ba516d393
                                • Instruction ID: daaad78d924edaabab2156007b6ef652e292a003c9b4b95a0e884c1ff134bf92
                                • Opcode Fuzzy Hash: 60f61f17ed22061a4d111382c63cb3dfa48cf6d5d3883f4ff94b827ba516d393
                                • Instruction Fuzzy Hash: 1E01FBB0800219DFDB14DF6AC9047AEBAF1FF48360F108625E426AB2A1D7754A44CFD4
                                Function 076843C0 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d39ba6a70e1df87ac0a0c94a17a2a28ff75e2319845e1cc7ff09665e82322648
                                • Instruction ID: 0bc02eeb5580299fc38ce05479aaeaf949a9900fcb054f536e7269f18bf7d61a
                                • Opcode Fuzzy Hash: d39ba6a70e1df87ac0a0c94a17a2a28ff75e2319845e1cc7ff09665e82322648
                                • Instruction Fuzzy Hash: 81F097B4D1520ADFCB84DFA9D5416AEBBF4FB59300F1485AAD819E3300EB309A15CB91
                                Function 076883D8 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aaff4eaca03a50db628a84a0275e29b59f45e6b22d90e73a1e7cb1ed6ee4ed68
                                • Instruction ID: 9d6532a4291c9dd7b607ea51f34410c0aaf3847494ae7f5b91ac29f2ee59a325
                                • Opcode Fuzzy Hash: aaff4eaca03a50db628a84a0275e29b59f45e6b22d90e73a1e7cb1ed6ee4ed68
                                • Instruction Fuzzy Hash: 4CF03CB0D2030A9FDB84EFA9C842AAEBFF1AB08200F848569D916E7241D7709605CB91
                                Function 076843B0 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5858ec8b2dce5c67d769d76e316f1dd250f34de7e84326c415d7eb85d9a6a9fb
                                • Instruction ID: 93b5ee2b024c72a1aff2b1fd3c30c9934cb3671bf3421c28fe1cc2ea74dce60b
                                • Opcode Fuzzy Hash: 5858ec8b2dce5c67d769d76e316f1dd250f34de7e84326c415d7eb85d9a6a9fb
                                • Instruction Fuzzy Hash: 5AF0E7B4D0524ACFCB95DFA9C9416AEBBB0FB49200F1485AAD415E3300EB708A05CB51
                                Function 07687F50 Relevance: .0, Instructions: 33COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d17d8e596a7d408164e974a15727133dd7f0ffd047ae25b15dd9f98ae1bea7e7
                                • Instruction ID: 415bca09ba3debe380d6fd306812a48b45087f4107b0258bd58c806b40790b43
                                • Opcode Fuzzy Hash: d17d8e596a7d408164e974a15727133dd7f0ffd047ae25b15dd9f98ae1bea7e7
                                • Instruction Fuzzy Hash: 6CF097B4D1520A9FCB44EFBAD5456AEBBF5BB49300F2485AA9819E3300EB309A41CB51
                                Function 07686100 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4eb2913d47d647cc612b06d6acc85f1a68c58b08c410622efcc91436a6fdf9ad
                                • Instruction ID: 1d0dfe45049ae0bce17ce0d0474036584e7e64bb3eb6b3eeffc658dd53c2a022
                                • Opcode Fuzzy Hash: 4eb2913d47d647cc612b06d6acc85f1a68c58b08c410622efcc91436a6fdf9ad
                                • Instruction Fuzzy Hash: 4BE039B67042286F93049AAED884D6BBBEEFBCC670311807AE908C7314D9319C00C6A0
                                Function 07683D21 Relevance: .0, Instructions: 32COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5a16f0a3de404533a1cc73274a0ec4c508b9eb711255d7bfff5207af8d19fd05
                                • Instruction ID: 4f8fc27759afeb43ce2245d7a043b79961d07b9821e42fe3691e18bb5003152b
                                • Opcode Fuzzy Hash: 5a16f0a3de404533a1cc73274a0ec4c508b9eb711255d7bfff5207af8d19fd05
                                • Instruction Fuzzy Hash: 40F017B4D04249AFCB95EFB9C5467ADBBF1EB0A600F048ABAD819E3711E7744641CB41
                                Function 07688558 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 84ecf2f82e21336f376975ccde14cd37c8a103ba01cce27f6ed7a38ef9e59aa3
                                • Instruction ID: b21f89d1715c624db753648bc3130ad9175501dad51ca8051af4a83ed473d34b
                                • Opcode Fuzzy Hash: 84ecf2f82e21336f376975ccde14cd37c8a103ba01cce27f6ed7a38ef9e59aa3
                                • Instruction Fuzzy Hash: 64F0B7F4D2520ADFCB94EFB9D8456ADBBF4EB49200F408AAAD419E3300E7705A418B41
                                Function 07683D30 Relevance: .0, Instructions: 31COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 25c3dbe65f51983b7e7de9ceae81a23c3c4a48b84a22b4d3f6b45cdee7734914
                                • Instruction ID: bd3dd717707b609f8505f2e507d38527ae2f62a490479b929a0a08ee5f5b66ad
                                • Opcode Fuzzy Hash: 25c3dbe65f51983b7e7de9ceae81a23c3c4a48b84a22b4d3f6b45cdee7734914
                                • Instruction Fuzzy Hash: 9FF0DAB4D14209EFCB94EFBAC5466ADBBF4EF09700F009AAAD819E3310E7705641CB40
                                Function 0768854B Relevance: .0, Instructions: 30COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: aee6b7655e05403101d0f2b4d408b3e4258ef66b16dd6b34117b82bc554a0edb
                                • Instruction ID: 36fba5e92d959150c232a0cbd6f314aabd14579211b4a0570d0aea3a97cee7bf
                                • Opcode Fuzzy Hash: aee6b7655e05403101d0f2b4d408b3e4258ef66b16dd6b34117b82bc554a0edb
                                • Instruction Fuzzy Hash: 45F0BDB4D112099FDB94EFBDD9467ADBBF4EB49201F408A6AD415E3300E77045458B41
                                Function 076883E8 Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 06b62fcf0db92f92605ad71142853dbf12ab5c0370910d55fc718b3e34547a06
                                • Instruction ID: f712b159303279f3389eb4f41227e10c239899023e1e9ccf00f002f40e6b709a
                                • Opcode Fuzzy Hash: 06b62fcf0db92f92605ad71142853dbf12ab5c0370910d55fc718b3e34547a06
                                • Instruction Fuzzy Hash: A4F0DAB1D1431A9FDB84EFA9D841AAEBBF4FB48210F508AAAD919E7301D77095048B91
                                Function 0768BD8C Relevance: .0, Instructions: 29COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 25071ad7f0d086366df045614c40537740711206c37a65af6409adfd9165aaed
                                • Instruction ID: 1efae73e8ea87b266a6969c0d316e659c94736771490307a9694a14bb027efe8
                                • Opcode Fuzzy Hash: 25071ad7f0d086366df045614c40537740711206c37a65af6409adfd9165aaed
                                • Instruction Fuzzy Hash: 2BF01DB1919214CFCB54DFA4E585AACB7B6FB4A300F1052C5D40A7B315C731AD86CF60
                                Function 07688688 Relevance: .0, Instructions: 27COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cf50985314aff1a07e4e02f0accd15cdd3e8c6c47ab971a575636174f811a6c0
                                • Instruction ID: 98cd2e517802e881f1c41bcfccdadcf68b29e38c0a0b0c600d6017fb1bd42a52
                                • Opcode Fuzzy Hash: cf50985314aff1a07e4e02f0accd15cdd3e8c6c47ab971a575636174f811a6c0
                                • Instruction Fuzzy Hash: 68F0C9B4D25209AFCB94EFB8D5456ADBBF4AB0A300F5086A9D449F3300E7309A81CF44
                                Function 07688380 Relevance: .0, Instructions: 24COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ee350eba50db35c546bf4cf67e449368c1acf5b4efc885cd14fb5392caebd5de
                                • Instruction ID: 14bd980e75fa447d02b3957a6e4f0af148e07f8d20cc31e079358b407e5a5a5c
                                • Opcode Fuzzy Hash: ee350eba50db35c546bf4cf67e449368c1acf5b4efc885cd14fb5392caebd5de
                                • Instruction Fuzzy Hash: 7BF030F091020AEFC780EFA9C905A4E7FF1AB04600F518569D156E7252D77496008F41
                                Function 07685FBD Relevance: .0, Instructions: 22COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ff2e5465c0fb8ae8226a498fe4655b6a373f7276e271aa60f50750b1ae0d3b5d
                                • Instruction ID: e81ec5e77fc792fe880d77a44af3f9ef70e3baac5fcd99c7a2e5f97ba11627ee
                                • Opcode Fuzzy Hash: ff2e5465c0fb8ae8226a498fe4655b6a373f7276e271aa60f50750b1ae0d3b5d
                                • Instruction Fuzzy Hash: 65E08672C00279DBCB02AFED99054AFFF74DF16610F458666E9069B202E3700A20DFD1
                                Function 0768BF4F Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 482cd12b240c511692c72973521f188e6fc59fe576a2924fb9c7dedf0d450206
                                • Instruction ID: d508fc83b6adb3ac6b634e37726c05c9c39766e04aed435c6ec9f7f85ad927a0
                                • Opcode Fuzzy Hash: 482cd12b240c511692c72973521f188e6fc59fe576a2924fb9c7dedf0d450206
                                • Instruction Fuzzy Hash: 8CE09270528554CFD760EF28C456DBC7B39FF06200F0552E5D84E1B166CB30A941CF21
                                Function 07684E90 Relevance: .0, Instructions: 20COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a07c4b2635047aceb8fe85bf236e0dd000cd73bc1ae5a1c0b58532c8ac450382
                                • Instruction ID: dd722cc30ff932601295f96c58123fd6d38397627a5bf271d2405c4bfd73e3f6
                                • Opcode Fuzzy Hash: a07c4b2635047aceb8fe85bf236e0dd000cd73bc1ae5a1c0b58532c8ac450382
                                • Instruction Fuzzy Hash: 90E0C2B080124EDBCB54FFB4C4097AD7BF4AB06200F500699C406A3340DF300E48D782
                                Function 076855D0 Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 10f341e40a49193cc5975960c437fcfff449b40f2499a48e85f944f95dcff44d
                                • Instruction ID: 989122b7e56588316739eb5d17122abb4928b4fd334de6191656f0527e6c2b82
                                • Opcode Fuzzy Hash: 10f341e40a49193cc5975960c437fcfff449b40f2499a48e85f944f95dcff44d
                                • Instruction Fuzzy Hash: 52D0A7E60052C15EE383371444198023F76E6735403168BE7F8C39B033AD005925A32B
                                Function 07688390 Relevance: .0, Instructions: 18COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a9cfce4f1e8cb8080860464644127c84ff37cb7f60ad205b1c6926f8ac221ab7
                                • Instruction ID: 0ead66d8b6a942886088d60e93deb2146968534580d951532e9b415c63f45951
                                • Opcode Fuzzy Hash: a9cfce4f1e8cb8080860464644127c84ff37cb7f60ad205b1c6926f8ac221ab7
                                • Instruction Fuzzy Hash: E8E046B0D1021ADFC780EFB9CA04A5EBBF1BF08200F1085A9C019E7212E7B486008F81
                                Function 07685FC8 Relevance: .0, Instructions: 16COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction ID: 4eb51d2f408a1dd79fca5333f89960ae5eea3b626c01a816c2eae0d8abf89262
                                • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                                • Instruction Fuzzy Hash: 19D09E72D00139978B10AFE9DC054DFFF79EF05650F418126E916AB101D3715A21DBD1
                                Function 07688488 Relevance: .0, Instructions: 14COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fb033199a0e0f01acc62411b839ea5c0cddf4a28a7d825533278376be71c1d67
                                • Instruction ID: b795dac9c834542ff586ba8f6c9ca5f469a4d456dfa7553d5166324b019568f3
                                • Opcode Fuzzy Hash: fb033199a0e0f01acc62411b839ea5c0cddf4a28a7d825533278376be71c1d67
                                • Instruction Fuzzy Hash: 63D0123311010D9E4B90FEE5ED40C5377DDBB147007408426E504CB130E621E528DB91
                                Function 0768A420 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5af855ebae0e72357098aaf4873c87b64266ad5c97a6e507b4b38e850188c5fc
                                • Instruction ID: ca1524bf62c76d03c8c9ad425d3c0c16dd8afacd56d47be1dcb13e28561b6b97
                                • Opcode Fuzzy Hash: 5af855ebae0e72357098aaf4873c87b64266ad5c97a6e507b4b38e850188c5fc
                                • Instruction Fuzzy Hash: 77D0A7720063844FD715A76DE51F6683F745B02102F0800A6F4CD45572CB944904C722
                                Function 0768A4A0 Relevance: .0, Instructions: 13COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47163e6e0b2b20cc115cafc45be97ebc854b90f655f20e10731698f89e4331ec
                                • Instruction ID: e6884e18508a5399c7ec98d159ebdaa5b01196113df4101074aabfb03862b2c8
                                • Opcode Fuzzy Hash: 47163e6e0b2b20cc115cafc45be97ebc854b90f655f20e10731698f89e4331ec
                                • Instruction Fuzzy Hash: A3C0222100620103D3A027AEA50F77C39D0430A232F040B10A43E009E0DBA408668761
                                Function 0768A430 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0ce6b32b35051af6f734106d7b6833f08ba084b3b8a13e2949324e3cf31e230e
                                • Instruction ID: 8db90062c77d9fb97213b182d7c8e4637969412ba156bb6688374e9e1ca5c991
                                • Opcode Fuzzy Hash: 0ce6b32b35051af6f734106d7b6833f08ba084b3b8a13e2949324e3cf31e230e
                                • Instruction Fuzzy Hash: 3DC08C720126088BE6246BAEB60F77C3FA8A702206F444015F40E009204FA00400CB66
                                Function 0768A4B0 Relevance: .0, Instructions: 10COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a1bde797e8b893b17861c71695ac4906b409c3ad52ba70371c3fe09d7855c06f
                                • Instruction ID: 1f6fc763a36a8a9d33f8c1c7c39de32318be072367b51f2bb102c10025450b68
                                • Opcode Fuzzy Hash: a1bde797e8b893b17861c71695ac4906b409c3ad52ba70371c3fe09d7855c06f
                                • Instruction Fuzzy Hash: 35B02B7101370947C624339EB00F77C3BD84303201F044400A40E008101FB10404CBB5
                                Function 0768A654 Relevance: .0, Instructions: 9COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000013.00000002.1596112818.0000000007680000.00000040.00000800.00020000.00000000.sdmp, Offset: 07680000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7680000_remcos.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eae2f068508fc38d56175427a06d8dbc3e7f51419bef334acd94b1da21d21eeb
                                • Instruction ID: 14bd74eb5ccb4e0ebf2e3013dac907035f0145a5a1b6925e7598370e7e66884a
                                • Opcode Fuzzy Hash: eae2f068508fc38d56175427a06d8dbc3e7f51419bef334acd94b1da21d21eeb
                                • Instruction Fuzzy Hash: D6D0C9B0924319CFEB50DF14D855BACBBB6FB45300F008198940952201DB741E86CF92