
Windows Analysis Report kCcJdlYm9t.bin

Overview

General Information

Sample Name: kCcJdlYm9t.bin (renamed file extension from bin to exe)
Analysis ID: 542163
MD5: 5559e9f5e1645f8554ea020a29a5a3ee
SHA1: d74bd70862707cd2c7ab946903f6fa0aab066151
SHA256: 5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4
Tags: AtomSilo, exe, Ransomware

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Found Tor onion address
Writes a notice file (html or txt) to demand a ransom
Creates HTA files
Machine Learning detection for sample
Detected TCP or UDP traffic on non-standard ports
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Entry point lies outside standard sections

Classification

Process Tree

  • System is w10x64
  • kCcJdlYm9t.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\kCcJdlYm9t.exe" MD5: 5559E9F5E1645F8554EA020A29A5A3EE)
    • conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


AV Detection:

Multi AV Scanner detection for submitted file
Source: kCcJdlYm9t.exe | Virustotal: Detection: 37%
Source: kCcJdlYm9t.exe | Metadefender: Detection: 20%
Source: kCcJdlYm9t.exe | ReversingLabs: Detection: 46%
Machine Learning detection for sample
Source: kCcJdlYm9t.exe | Joe Sandbox ML: detected
Source: kCcJdlYm9t.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File opened: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File opened: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File opened: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File opened: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File opened: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File opened: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\README-FILE-562258-1639906857.hta

Networking:

Found Tor onion address
Source: kCcJdlYm9t.exe, 00000000.00000002.551127517.00007FF763F36000.00000004.00020000.sdmp | String found in binary or memory: <p><span class="info"><a href="http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion" target="_blank">http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion</a></span></p>
Source: kCcJdlYm9t.exe, 00000000.00000002.548149705.00000287BFDCB000.00000004.00000020.sdmp, and every dropped README-FILE-562258-1639906857.hta copy (.hta.0.dr and .hta0.0.dr through .hta35.0.dr) | String found in binary or memory: the same onion link as above
Source: global traffic | TCP traffic: 192.168.2.3:49747 -> 139.180.184.147:45532
Source: unknown | TCP traffic detected without corresponding DNS query: 139.180.184.147
Source: README-FILE-562258-1639906857.hta9.0.dr | String found in binary or memory: <p>If you have any problems during installation or use of TorBrowser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the search bar "Install TorBrowser Windows" and you will find a lot of training videos about TorBrowser installation and use.</p> equals www.youtube.com (Youtube)
Source: kCcJdlYm9t.exe, 00000000.00000002.550851837.00007FF763EF7000.00000002.00020000.sdmp | String found in binary or memory: http://139.180.184.147:45532/fake.php
Source: kCcJdlYm9t.exe, 00000000.00000002.550851837.00007FF763EF7000.00000002.00020000.sdmp | String found in binary or memory: http://139.180.184.147:45532/fake.phpwinsta0
Source: README-FILE-562258-1639906857.hta9.0.dr | String found in binary or memory: http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion
Source: README-FILE-562258-1639906857.hta9.0.dr | String found in binary or memory: https://www.torproject.org/download/download-easy.html.en
Source: kCcJdlYm9t.exe (00000000.00000002.551127517.00007FF763F36000.00000004.00020000.sdmp, 00000000.00000002.548149705.00000287BFDCB000.00000004.00000020.sdmp), every dropped README-FILE-562258-1639906857.hta copy (.hta.0.dr and .hta0.0.dr through .hta35.0.dr), index.html.0.dr | String found in binary or memory: https://www.youtube.com
Source: kCcJdlYm9t.exe (00000000.00000002.551127517.00007FF763F36000.00000004.00020000.sdmp, 00000000.00000002.548149705.00000287BFDCB000.00000004.00000020.sdmp), every dropped README-FILE-562258-1639906857.hta copy (.hta.0.dr and .hta0.0.dr through .hta35.0.dr), index.html.0.dr | String found in binary or memory: https://www.youtube.com/results?search_query=Install
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\README-FILE-562258-1639906857.hta

Spam, unwanted Advertisements and Ransom Demands:

Writes a notice file (html or txt) to demand a ransom
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File dropped: C:\Users\Public\index.html -> decrypt your files safely is to buy the special decryption software from us. </p><p>the price of decryption software is <span style="color:#f71b3a">500000 dollars</span>. <br>if you pay within 48 hours, you only need to pay <span style="color:#f71b3a">70% off dollars</span>. no price reduction is accepted.</p><p>we only accept bitcoin payment,you can buy it from bitpay,coinbase,binance or others. </p><p>you have five days to decide whether to pay or not. after a week, we will no longer provide decryption tools and publish your files</p> </div><hr></hr><div align="center"><span style="color:#f71b3a;font-size:200%">time starts at 0:00 on december 10 </span><hr></hr><span style="color:#f71b3a;font-size:300%"><a>survival time</a><span id="td"></span><span id="th"></span><span id="tm"></span><span id="ts"></span></span></div><script type="text/javascript">function getrtime(){var

System Summary:

Creates HTA files
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\README-FILE-562258-1639906857.hta
Source: kCcJdlYm9t.exe | Virustotal: Detection: 37%
Source: kCcJdlYm9t.exe | Metadefender: Detection: 20%
Source: kCcJdlYm9t.exe | ReversingLabs: Detection: 46%
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\kCcJdlYm9t.exe "C:\Users\user\Desktop\kCcJdlYm9t.exe"
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Mutant created: \Sessions\1\BaseNamedObjects\8d5e957f297893487bd98fa830fa6413
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_01
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: C:\Users\Public\index.html
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\README-FILE-562258-1639906857.hta
Source: classification engine | Classification label: mal68.rans.evad.winEXE@2/38@0/1
Source: kCcJdlYm9t.exe | Static file information: File size 6242816 > 1048576
Source: kCcJdlYm9t.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: kCcJdlYm9t.exe | Static PE information: Raw size of .zuF2 is bigger than: 0x100000 < 0x5f2e00
Source: kCcJdlYm9t.exe | Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: kCcJdlYm9t.exe | Static PE information: section name: .zuF0
Source: kCcJdlYm9t.exe | Static PE information: section name: .zuF1
Source: kCcJdlYm9t.exe | Static PE information: section name: .zuF2
Source: initial sample | Static PE information: section where entry point is pointing to: .zuF2
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\Programs\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\Programs\Accessibility\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\Programs\Accessories\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\Programs\Maintenance\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\Programs\System Tools\README-FILE-562258-1639906857.hta
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | File created: c:\Documents and Settings\Default\Start Menu\Programs\Windows PowerShell\README-FILE-562258-1639906857.hta

Hooking and other Techniques for Hiding and Protection:

Overwrites code with unconditional jumps - possibly setting hooks in foreign process
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Memory written: PID: 6536 base: 7FFC8DE30008 value: E9 7B A9 EA FF
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Memory written: PID: 6536 base: 7FFC8DCDA980 value: E9 90 56 15 00
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\kCcJdlYm9t.exe | Process information queried: ProcessInformation
Source: kCcJdlYm9t.exe, 00000000.00000003.370360775.00000287BFE09000.00000004.00000001.sdmp, kCcJdlYm9t.exe, 00000000.00000002.548149705.00000287BFDCB000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAWPk
Source: kCcJdlYm9t.exe, 00000000.00000002.548227792.00000287BFE1F000.00000004.00000020.sdmp, kCcJdlYm9t.exe, 00000000.00000003.370294995.00000287BFE3F000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW>
Source: kCcJdlYm9t.exe, 00000000.00000002.548227792.00000287BFE1F000.00000004.00000020.sdmp, kCcJdlYm9t.exe, 00000000.00000003.370294995.00000287BFE3F000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW
Source: kCcJdlYm9t.exe, 00000000.00000002.548680306.00000287C0270000.00000002.00020000.sdmp | Binary or memory string: Program Manager
Source: kCcJdlYm9t.exe, 00000000.00000002.548680306.00000287C0270000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: kCcJdlYm9t.exe, 00000000.00000002.548680306.00000287C0270000.00000002.00020000.sdmp | Binary or memory string: Progman
Source: kCcJdlYm9t.exe, 00000000.00000002.548680306.00000287C0270000.00000002.00020000.sdmp | Binary or memory string: Progmanlock

MITRE ATT&CK Matrix

Techniques followed by a count in parentheses were matched by that many signatures in this analysis; the remaining entries are the matrix's unmatched placeholder techniques.

  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
  • Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
  • Persistence: Registry Run Keys / Startup Folder (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
  • Privilege Escalation: Process Injection (2), Registry Run Keys / Startup Folder (1), Logon Script (Windows), Logon Script (Mac)
  • Defense Evasion: Masquerading (1), Process Injection (2), Mshta (1), Binary Padding
  • Credential Access: Credential API Hooking (1), LSASS Memory, Security Account Manager, NTDS
  • Discovery: Security Software Discovery (1), Process Discovery (2), File and Directory Discovery (1), System Information Discovery (1)
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
  • Collection: Credential API Hooking (1), Data from Removable Media, Data from Network Shared Drive, Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
  • Command and Control: Non-Standard Port (1), Proxy (1), Ingress Tool Transfer (1), Protocol Impersonation
  • Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
  • Impact: Data Encrypted for Impact (1), Device Lockout, Delete Device Data

Behavior Graph

[Behavior graph image not reproduced in this extraction. Legend entries: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C/C++ or other language, Is malicious, Internet]

Screenshots

[Screenshot thumbnails not reproduced in this extraction.]

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
kCcJdlYm9t.exe | 37% | Virustotal |
kCcJdlYm9t.exe | 21% | Metadefender |
kCcJdlYm9t.exe | 47% | ReversingLabs | Win64.Ransomware.LockFile
kCcJdlYm9t.exe | 100% | Joe Sandbox ML |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion | 0% | Avira URL Cloud | safe
http://139.180.184.147:45532/fake.php | 4% | Virustotal |
http://139.180.184.147:45532/fake.php | 0% | Avira URL Cloud | safe
http://139.180.184.147:45532/fake.phpwinsta0 | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name:https://www.youtube.com/results?search_query=Install
Source:kCcJdlYm9t.exe, 00000000.00000002.551127517.00007FF763F36000.00000004.00020000.sdmp, kCcJdlYm9t.exe, 00000000.00000002.548149705.00000287BFDCB000.00000004.00000020.sdmp, README-FILE-562258-1639906857.hta15.0.dr, README-FILE-562258-1639906857.hta6.0.dr, README-FILE-562258-1639906857.hta25.0.dr, README-FILE-562258-1639906857.hta24.0.dr, README-FILE-562258-1639906857.hta7.0.dr, README-FILE-562258-1639906857.hta28.0.dr, README-FILE-562258-1639906857.hta0.0.dr, README-FILE-562258-1639906857.hta2.0.dr, README-FILE-562258-1639906857.hta33.0.dr, README-FILE-562258-1639906857.hta34.0.dr, README-FILE-562258-1639906857.hta14.0.dr, README-FILE-562258-1639906857.hta18.0.dr, README-FILE-562258-1639906857.hta19.0.dr, README-FILE-562258-1639906857.hta20.0.dr, README-FILE-562258-1639906857.hta26.0.dr, README-FILE-562258-1639906857.hta23.0.dr, README-FILE-562258-1639906857.hta30.0.dr, README-FILE-562258-1639906857.hta12.0.dr, README-FILE-562258-1639906857.hta22.0.dr, README-FILE-562258-1639906857.hta11.0.dr, README-FILE-562258-1639906857.hta.0.dr, README-FILE-562258-1639906857.hta35.0.dr, README-FILE-562258-1639906857.hta13.0.dr, README-FILE-562258-1639906857.hta5.0.dr, README-FILE-562258-1639906857.hta21.0.dr, index.html.0.dr, README-FILE-562258-1639906857.hta29.0.dr, README-FILE-562258-1639906857.hta32.0.dr, README-FILE-562258-1639906857.hta3.0.dr, README-FILE-562258-1639906857.hta8.0.dr, README-FILE-562258-1639906857.hta27.0.dr, README-FILE-562258-1639906857.hta31.0.dr, README-FILE-562258-1639906857.hta1.0.dr, README-FILE-562258-1639906857.hta10.0.dr, README-FILE-562258-1639906857.hta16.0.dr, README-FILE-562258-1639906857.hta17.0.dr, README-FILE-562258-1639906857.hta4.0.dr, README-FILE-562258-1639906857.hta9.0.dr
Malicious:false
Reputation:high

Name:http://l5cjga2ksw6rxumu5l4xxn3cmahhi2irkbwg3amx6ajroyfmfgpfllid.onion
Source:README-FILE-562258-1639906857.hta9.0.dr
Malicious:true
Antivirus Detection:
• Avira URL Cloud: safe
Reputation:unknown

Name:http://139.180.184.147:45532/fake.php
Source:kCcJdlYm9t.exe, 00000000.00000002.550851837.00007FF763EF7000.00000002.00020000.sdmp
Malicious:false
Antivirus Detection:
• 4%, Virustotal
• Avira URL Cloud: safe
Reputation:unknown

Name:http://139.180.184.147:45532/fake.phpwinsta0
Source:kCcJdlYm9t.exe, 00000000.00000002.550851837.00007FF763EF7000.00000002.00020000.sdmp
Malicious:false
Antivirus Detection:
• Avira URL Cloud: safe
Reputation:unknown

Name:https://www.youtube.com
Source:kCcJdlYm9t.exe, 00000000.00000002.551127517.00007FF763F36000.00000004.00020000.sdmp, kCcJdlYm9t.exe, 00000000.00000002.548149705.00000287BFDCB000.00000004.00000020.sdmp, README-FILE-562258-1639906857.hta15.0.dr, README-FILE-562258-1639906857.hta6.0.dr, README-FILE-562258-1639906857.hta25.0.dr, README-FILE-562258-1639906857.hta24.0.dr, README-FILE-562258-1639906857.hta7.0.dr, README-FILE-562258-1639906857.hta28.0.dr, README-FILE-562258-1639906857.hta0.0.dr, README-FILE-562258-1639906857.hta2.0.dr, README-FILE-562258-1639906857.hta33.0.dr, README-FILE-562258-1639906857.hta34.0.dr, README-FILE-562258-1639906857.hta14.0.dr, README-FILE-562258-1639906857.hta18.0.dr, README-FILE-562258-1639906857.hta19.0.dr, README-FILE-562258-1639906857.hta20.0.dr, README-FILE-562258-1639906857.hta26.0.dr, README-FILE-562258-1639906857.hta23.0.dr, README-FILE-562258-1639906857.hta30.0.dr, README-FILE-562258-1639906857.hta12.0.dr, README-FILE-562258-1639906857.hta22.0.dr, README-FILE-562258-1639906857.hta11.0.dr, README-FILE-562258-1639906857.hta.0.dr, README-FILE-562258-1639906857.hta35.0.dr, README-FILE-562258-1639906857.hta13.0.dr, README-FILE-562258-1639906857.hta5.0.dr, README-FILE-562258-1639906857.hta21.0.dr, index.html.0.dr, README-FILE-562258-1639906857.hta29.0.dr, README-FILE-562258-1639906857.hta32.0.dr, README-FILE-562258-1639906857.hta3.0.dr, README-FILE-562258-1639906857.hta8.0.dr, README-FILE-562258-1639906857.hta27.0.dr, README-FILE-562258-1639906857.hta31.0.dr, README-FILE-562258-1639906857.hta1.0.dr, README-FILE-562258-1639906857.hta10.0.dr, README-FILE-562258-1639906857.hta16.0.dr, README-FILE-562258-1639906857.hta17.0.dr, README-FILE-562258-1639906857.hta4.0.dr, README-FILE-562258-1639906857.hta9.0.dr
Malicious:false
Reputation:high

Name:https://www.torproject.org/download/download-easy.html.en
Source:README-FILE-562258-1639906857.hta9.0.dr
Malicious:false
Reputation:high

        Contacted IPs


        Public

IP:139.180.184.147
Domain:unknown
Country:United States
ASN:20473
ASN Name:AS-CHOOPAUS
Malicious:false

        General Information

        Joe Sandbox Version:34.0.0 Boulder Opal
        Analysis ID:542163
        Start date:19.12.2021
        Start time:00:21:14
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 5m 39s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:kCcJdlYm9t.bin (renamed file extension from bin to exe)
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of analysed new started processes analysed:23
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal68.rans.evad.winEXE@2/38@0/1
        EGA Information:Failed
        HDC Information:
        • Successful, ratio: 100% (good quality ratio 50%)
        • Quality average: 17.5%
        • Quality standard deviation: 17.5%
        HCA Information:Failed
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        Warnings:
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
        • Excluded IPs from analysis (whitelisted): 23.54.113.53, 23.54.113.104
        • Excluded domains from analysis (whitelisted): fs.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, cdn.onenote.net, prod.fs.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

Match:139.180.184.147
Associated Sample Name / URL | Detection
klHnJP9KUp.exe | malicious

          Domains

          No context

          ASN

Match:AS-CHOOPAUS
Associated Sample Name / URL | Detection | Context (IP)
java | malicious | 139.180.189.50
setup_x86_x64_install.exe | malicious | 149.28.78.238
CfAG7RLYwP.exe | malicious | 149.28.253.196
ransomware.exe | malicious | 45.76.99.222
lhFZ5lgVZe.exe | malicious | 149.28.253.196
PLsr36JHqc.exe | malicious | 149.28.78.238
QPoUOIhwkO.exe | malicious | 149.28.78.238
hT8opTEkOj.exe | malicious | 149.28.253.196
RIxTQg4Dl6.exe | malicious | 149.28.78.238
tyGGXi7QXW.js | malicious | 45.76.154.237
sohyEVpQMp.js | malicious | 45.76.154.237
DBC1tg2tq1.js | malicious | 45.76.154.237
tyGGXi7QXW.js | malicious | 45.76.154.237
sohyEVpQMp.js | malicious | 45.76.154.237
DBC1tg2tq1.js | malicious | 45.76.154.237
ZvMcD3kgsF.exe | malicious | 149.28.253.196
ZvMcD3kgsF.exe | malicious | 149.28.253.196
q9VO0ItTRSrphpi.exe | malicious | 149.28.69.224
cMGS14q1Sz.exe | malicious | 149.28.253.196
xXVJKyzkPV.exe | malicious | 149.28.253.196

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          C:\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\Gadgets\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\Windows Sidebar\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\Windows\History\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Microsoft\Windows\INetCookies\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Local\Temp\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Reputation:low
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\AppData\Roaming\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Desktop\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Documents\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Downloads\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Favorites\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Links\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Music\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Pictures\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Saved Games\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Default\Videos\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:modified
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\Public\index.html
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:true
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
          C:\Users\README-FILE-562258-1639906857.hta
          Process:C:\Users\user\Desktop\kCcJdlYm9t.exe
          File Type:HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
          Category:dropped
          Size (bytes):11432
          Entropy (8bit):6.021959836976645
          Encrypted:false
          SSDEEP:192:nxDqEN2eSBJQbyBcfpWj4RYFhkAe1kvKQh+089L7drMckM1t:QucQbyBcBWjrhk/ySx0SnVZD
          MD5:3F4C0308565DC6AD1FA5D9BEF42FD3CF
          SHA1:5C1FAB71AF6E14779F133EAAAB81522DBE884607
          SHA-256:5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2
          SHA-512:43968C53FE691C9E1012D0EEC79ED3B1CF54128B3B585880E44C33EA9BCC8C193867F2FDD1A5801ADA57C42908F5A4D8726008EC71DE6D3C3665005FF65401A6
          Malicious:false
          Preview: <!DOCTYPE html>..<html lang="en">..<head>...<meta charset="utf-8">...<title>Atom Slio: Instructions</title>...<HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize">......<style type="text/css">....text{....text-align:center;...}...a {....color: #04a;....text-decoration: none;...}...a:hover {....text-decoration: underline;...}...body {....background-color: #e7e7e7;....color: #222;....font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;....font-size: 13pt;....line-height: 19pt;...}...body, h1 {....margin: 0;....padding: 0;...}...hr {....color: #bda;....height: 2pt;....margin: 1.5%;...}...h1 {....color: #555;....font-size: 14pt;...}...ol {....padding-left: 2.5%;...}...ol li {....padding-bottom: 13pt;...}...small {....color: #555;....font-size: 11pt;...}....button:hover {....text-decoration: underline;...}....container {....background-color: #fff;....border: 2pt solid #c7c7c7;....margin: 5%;....min-width: 850px;....padding: 2.5%;.
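The dropped-file entries above show one ransom note written under a single name (README-FILE-562258-1639906857.hta) into the profile roots and every Default sub-folder, plus a copy named C:\Users\Public\index.html; all copies share SHA-256 5D62460D3EE9AF9244680B480C017861216B05C34B804FCE37E8665CA3BDE9E2 and open with an HTA:APPLICATION tag whose APPLICATIONNAME is "Atom Slio" (the misspelling is the malware's own). The script below is an added example, not part of the Joe Sandbox report and not the malware's code; it hunts a directory tree for those three indicators. Assumptions: the two numbers in the file name are per-victim values, so the name is matched as README-FILE-<digits>-<digits>.hta rather than literally, and the SHA-256 will only match notes byte-identical to the one in this run, so the name pattern and the HTA marker are the checks that carry over to other infections. The tree it scans is constructed in a temporary folder.

```python
"""Hunt a filesystem for the ransom note dropped by this sample.

Added example; not Joe Sandbox code and not the malware's.  Three indicators
taken from the dropped-file entries of the report: the file-name pattern, the
HTA marker in the note's head, and the SHA-256 of the note seen in this run.
"""
import hashlib
import os
import re
import shutil
import tempfile
from typing import Dict, List, Optional

# README-FILE-562258-1639906857.hta: the two numbers are assumed to vary per
# victim, so match the shape rather than the literal name.
NOTE_NAME_RE = re.compile(r"^README-FILE-\d+-\d+\.hta$", re.IGNORECASE)
# Near the top of every copy of the note (the misspelling is the malware's).
NOTE_MARKER = b'<HTA:APPLICATION APPLICATIONNAME="Atom Slio"'
# SHA-256 of the note as dropped in this analysis; exact match only.
KNOWN_NOTE_SHA256 = "5d62460d3ee9af9244680b480c017861216b05c34b804fce37e8665ca3bde9e2"
HEAD_BYTES = 4096


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path: str) -> Dict[str, object]:
    """Return which indicators fire for one file (empty list: not a note)."""
    reasons: List[str] = []
    if NOTE_NAME_RE.match(os.path.basename(path)):
        reasons.append("name")
    digest: Optional[str] = None
    try:
        with open(path, "rb") as f:
            head = f.read(HEAD_BYTES)
        if NOTE_MARKER in head:
            reasons.append("marker")
        # Hashing every file on a large tree is slow; only hash plausible ones.
        if reasons or path.lower().endswith((".hta", ".html")):
            digest = sha256_file(path)
            if digest == KNOWN_NOTE_SHA256:
                reasons.append("hash")
    except OSError:
        pass  # unreadable file: a name match, if any, still stands
    return {"path": path, "reasons": reasons, "sha256": digest}


def hunt(root: str) -> List[Dict[str, object]]:
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            result = classify(os.path.join(dirpath, fn))
            if result["reasons"]:
                hits.append(result)
    return sorted(hits, key=lambda h: str(h["path"]))


def demo() -> List[Dict[str, object]]:
    """Constructed tree mirroring two of the report's drop locations.  The note
    body is a stand-in (only its head is reproduced), so 'hash' cannot fire;
    'name' and 'marker' do."""
    root = tempfile.mkdtemp(prefix="atomsilo-demo-")
    music = os.path.join(root, "Users", "Default", "Music")
    public = os.path.join(root, "Users", "Public")
    os.makedirs(music)
    os.makedirs(public)
    note_head = (b'<!DOCTYPE html>\r\n<html lang="en">\r\n<head>\r\n'
                 b'<meta charset="utf-8">\r\n<title>Atom Slio: Instructions</title>\r\n'
                 + NOTE_MARKER + b' SCROLL="yes" SINGLEINSTANCE="yes">\r\n')
    with open(os.path.join(music, "README-FILE-562258-1639906857.hta"), "wb") as f:
        f.write(note_head)
    with open(os.path.join(public, "index.html"), "wb") as f:  # same note, other name
        f.write(note_head)
    with open(os.path.join(public, "notes.txt"), "wb") as f:  # benign file
        f.write(b"shopping list\r\n")
    try:
        return hunt(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for hit in demo():
        print(hit["reasons"], hit["path"])
```

Point hunt() at a mounted image or a live profile root to list every copy with the indicators that matched; a file that matches only on "hash" is this exact note, one that matches on "name" and "marker" is the same family with a different victim ID.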

          Static File Info

          General

          File type:PE32+ executable (console) x86-64, for MS Windows
          Entropy (8bit):7.921607431888335
          TrID:
          • Win64 Executable Console (202006/5) 92.65%
          • Win64 Executable (generic) (12005/4) 5.51%
          • Generic Win/DOS Executable (2004/3) 0.92%
          • DOS Executable Generic (2002/1) 0.92%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:kCcJdlYm9t.exe
          File size:6242816
          MD5:5559e9f5e1645f8554ea020a29a5a3ee
          SHA1:d74bd70862707cd2c7ab946903f6fa0aab066151
          SHA256:5f614a8e35bd80a603cf98846c6a44030ad18bed45ac83bd2110d83e8a090de4
          SHA512:56835d08f64887c4bd7b0fecd111f4b89411c45398618d815ed9652a0addbf25939fee9f40c4a0315e5e1539c0e87fcd5a9bd73cd7ad43d97d1484763abc5540
          SSDEEP:98304:YqqGLqEfydHgelcdpKCEAlFcyXSbSOK8AvpDggzc8LeAf5pNR0N75E6:dpLqEWJcd0CEzyibGpDpRRpYtO
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......a.........."......Z..........z..........@..........................................`................................

          File Icon

          Icon Hash:00828e8e8686b000

          Static PE Info

          General

          Entrypoint:0x14085fc7a
          Entrypoint Section:.zuF2
          Digitally signed:false
          Imagebase:0x140000000
          Subsystem:windows cui
          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
          DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Time Stamp:0x61B20ADE [Thu Dec 9 13:55:42 2021 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:2
          File Version Major:5
          File Version Minor:2
          Subsystem Version Major:5
          Subsystem Version Minor:2
          Import Hash:4fb24a31e05bcb3f1ec23d88b5dc5e10

Entrypoint Preview

Note: the listing below is the sandbox's decode of the bytes at the entry point in 32-bit mode (32-bit register names, arpl, far call/jmp; arpl does not exist in 64-bit mode, where opcode 63h is movsxd), so it does not show the x64 instructions that actually run. The entry point 0x14085fc7a lies in the packer section .zuF2 rather than .text, and beyond the opening push imm32 / call the bytes decode to privileged I/O and far control transfers that no compiler emits for user-mode code, which is what packed or obfuscated data looks like when disassembled linearly. The real program code runs only after the unpacking stub has populated the on-disk-empty .text, .rdata, .data and .pdata sections at runtime.

Instruction
          push 6CCBEBE0h
          call 00007FAD24DEBEDEh
          xchg eax, esi
          shr byte ptr [ecx], FFFFFFFBh
          inc edx
          sub al, DFh
          jbe 00007FAD24D43FA7h
          cmp al, E9h
          push edi
          sub dword ptr [ebp+esi+346B86D9h], ebp
          jle 00007FAD24D43F9Bh
          jne 00007FAD24D43F76h
          fist dword ptr [ebx+51146A47h]
          cmp esp, dword ptr [edi+ebx*4]
          imul ebp, ebx, 1Ah
          setb bl
          pushfd
          dec ecx
          jbe 00007FAD24D43EFDh
          imul esp, dword ptr [eax-19h], E3h
          arpl word ptr [edi+ebx*4+146806DBh], dx
          int3
          mov cx, ds
          xchg eax, esp
          xor dword ptr [edx+6CEB95E2h], 53h
          movsb
          lahf
          imul ecx, dword ptr [ebx+146786F4h], CEh
          xchg eax, esp
          and dword ptr [ebx+14h], ebp
          int1
          cmp dword ptr [edi+74h], ebx
          adc al, 74h
          add dword ptr [ecx+eax*4], edi
          imul edi, dword ptr [esi-1473E810h], 41h
          pop ebx
          outsb
          test dword ptr [ebx+75h], ebp
          sbb eax, 7A947DFBh
          add dword ptr [esi], ebx
          jbe 00007FAD24D43F76h
          dec esi
          sar dword ptr [ecx-6Ch], FFFFFF86h
          dec edx
          xchg eax, esp
          sbb cl, byte ptr [eax-41h]
          jecxz 00007FAD24D43F01h
          call far BB88h : CAC2C290h
          in al, 78h
          adc al, 81h
          mov eax, dword ptr [1A9A9CD9h]
          inc esi
          popfd
          jp 00007FAD24D43F06h
          jo 00007FAD24D43F60h
          jmp far 8FE5h : 7794EBB7h
          pop ds
          imul dword ptr [eax+ebp-709461D4h]
          mov cl, D4h
          cmc
          and byte ptr [ecx+705BC5F9h], bl
          or ecx, dword ptr [ebp-66A8994Eh]
          lahf
          cmp byte ptr [ecx], al
          test al, E4h
          jno 00007FAD24D43F6Dh
          lea esi, dword ptr [edx+31989DEBh]
          cdq

          Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x7b7380         0xc8          .zuF2
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xa39000         0x1d5         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0xa2ce30         0xafc8        .zuF2
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa38000         0xe0          .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x8670f8         0x28          .zuF2
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0xa2cd30         0x100         .zuF2
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x444000         0xe0          .zuF1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

          Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x1000           0x958e8       0x0       False     0                empty      0.0             IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata  0x97000          0x3c27e       0x0       False     0                empty      0.0             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xd4000          0x138e4       0x0       False     0                empty      0.0             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata  0xe8000          0x8334        0x0       False     0                empty      0.0             IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.zuF0   0xf1000          0x352a99      0x0       unknown   unknown          unknown    unknown         IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.zuF1   0x444000         0xbe0         0xc00     False     0.0380859375     data       0.236345806672  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.zuF2   0x445000         0x5f2df8      0x5f2e00  unknown   unknown          unknown    unknown         IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_READ
.reloc  0xa38000         0xe0          0x200     False     0.341796875      data       2.0306191961    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc   0xa39000         0x1d5         0x200     False     0.53125          data       4.71767883295   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Note: .text, .rdata, .data and .pdata have non-zero virtual sizes but a raw size of 0, so on disk they hold nothing and are filled in at runtime. Almost all of the 6,242,816 bytes of the file sit in .zuF2 (0x5f2e00 raw bytes, which also holds the entry point, the import, TLS and load-config directories and the exception data) and a small .zuF1 that holds the IAT; .zuF0 is virtual-only as well. Together with the overall file entropy of 7.92 this is the layout of a packed binary whose real code and data are unpacked into the empty sections before execution, which is what the "Entry point lies outside standard sections" and "PE file contains sections with non-standard names" signatures are reacting to.
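The two signatures the section table triggers, "Entry point lies outside standard sections" and "PE file contains sections with non-standard names", are cheap to reproduce without a sandbox: read the section headers, find the section containing AddressOfEntryPoint, and list sections whose virtual size is non-zero but whose raw size is zero. The script below is an added example, not Joe Sandbox code; it uses only the standard library (struct, no pefile) and parses the DOS header, PE signature, COFF header, the entry-point field of a PE32 or PE32+ optional header and the section table. The header it runs on is constructed in-script from the values in the table above and the reported entrypoint and imagebase; PointerToRawData is not in the report and is set to 0 (an assumption the checks never use).

```python
"""Where does the entry point live, and which sections exist only in memory?

Added example for this report's section table; not Joe Sandbox code.
"""
import struct
from typing import Dict, List, Tuple

# Names a Visual C++ link step emits on its own.  Names are attacker-controlled,
# so "non-standard" alone is a weak signal; combine it with the raw-size check.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                     ".tls", ".bss", ".CRT", ".reloc", ".rsrc", ".gfids"}

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
Section = Tuple[str, int, int, int, int]


def parse_sections(pe: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table) from a PE image's headers."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # AddressOfEntryPoint
    table = opt + opt_size
    sections: List[Section] = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, va, vsize, raw_ptr, raw_size))
    return entry_rva, sections


def triage(pe: bytes) -> Dict[str, object]:
    """The two checks behind the report's signatures, plus the raw facts."""
    entry_rva, sections = parse_sections(pe)
    entry_section = None
    for name, va, vsize, _, raw_size in sections:
        if va <= entry_rva < va + max(vsize, raw_size):
            entry_section = name
            break
    return {
        "entry_rva": entry_rva,
        "entry_section": entry_section,
        "entry_in_standard_section": entry_section in STANDARD_SECTIONS,
        "nonstandard_sections": [s[0] for s in sections
                                 if s[0] not in STANDARD_SECTIONS],
        # non-zero virtual size but nothing on disk: populated at runtime
        "virtual_only_sections": [s[0] for s in sections
                                  if s[2] > 0 and s[4] == 0],
    }


def build_header(entry_rva: int, sections: List[Section]) -> bytes:
    """Constructed minimal PE32+ header (no section data) for offline runs."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 240  # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0x61B20ADE, 0, 0,
                       opt_size, 0x22)  # x64; EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    opt = struct.pack("<HBBIIII", 0x20B, 14, 0, 0, 0, 0, entry_rva).ljust(opt_size, b"\0")
    table = b""
    for name, va, vsize, raw_ptr, raw_size in sections:
        table += name.encode("ascii").ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + opt + table


# Values from the Sections table of this report.  PointerToRawData is not in
# the report and is set to 0 here (assumption; the checks above never use it).
SAMPLE_SECTIONS: List[Section] = [
    (".text",  0x1000,   0x958e8,  0, 0x0),
    (".rdata", 0x97000,  0x3c27e,  0, 0x0),
    (".data",  0xd4000,  0x138e4,  0, 0x0),
    (".pdata", 0xe8000,  0x8334,   0, 0x0),
    (".zuF0",  0xf1000,  0x352a99, 0, 0x0),
    (".zuF1",  0x444000, 0xbe0,    0, 0xc00),
    (".zuF2",  0x445000, 0x5f2df8, 0, 0x5f2e00),
    (".reloc", 0xa38000, 0xe0,     0, 0x200),
    (".rsrc",  0xa39000, 0x1d5,    0, 0x200),
]
SAMPLE_ENTRY_RVA = 0x14085FC7A - 0x140000000  # Entrypoint minus Imagebase


if __name__ == "__main__":
    for key, value in triage(build_header(SAMPLE_ENTRY_RVA, SAMPLE_SECTIONS)).items():
        print(f"{key}: {value}")
```

To run it on a real file, pass open(path, "rb").read() to triage(); only the headers are read, so a truncated capture of the first few kilobytes is enough. The entry-section check uses the larger of virtual and raw size because a packer can declare a section larger in memory than on disk, as .zuF0 does here.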

          Resources

Name         RVA       Size   Type                   Language  Country
RT_MANIFEST  0xa39058  0x17d  XML 1.0 document text  English   United States

          Imports

DLL           Import
KERNEL32.dll  GetVersionExW
USER32.dll    wsprintfA
ADVAPI32.dll  AdjustTokenPrivileges
USERENV.dll   CreateEnvironmentBlock
WTSAPI32.dll  WTSQueryUserToken
WININET.dll   HttpSendRequestA
KERNEL32.dll  GetSystemTimeAsFileTime
USER32.dll    CharUpperBuffW
KERNEL32.dll  LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Note: only 19 functions are imported statically and the same DLL appears in several separate import descriptors, in the order listed; with LoadLibraryA and GetProcAddress among them, the rest of the API set is evidently resolved at runtime, consistent with the packed section layout above. WTSQueryUserToken, CreateEnvironmentBlock and AdjustTokenPrivileges are the calls a SYSTEM-context process uses to obtain a logged-on user's token and an environment block for it, and HttpSendRequestA is a WinINet HTTP client call; the imphash 4fb24a31e05bcb3f1ec23d88b5dc5e10 covers this stub table, not the real imports, so pivoting on it finds binaries built with the same packer stub rather than the same payload.

          Possible Origin

Language of compilation system  Country where language is spoken
English                         United States

          Network Behavior

          Snort IDS Alerts

Timestamp                 Protocol  SID  Message                                                                                       Source Port  Dest Port  Source IP        Dest IP
12/19/21-00:22:09.559855  ICMP      486  ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited  -            -          139.180.184.147  192.168.2.3
12/19/21-00:22:12.568161  ICMP      486  ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited  -            -          139.180.184.147  192.168.2.3
12/19/21-00:22:18.584472  ICMP      486  ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited  -            -          139.180.184.147  192.168.2.3

TCP Packets

Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Dec 19, 2021 00:22:09.213848114 CET  49747        45532      192.168.2.3  139.180.184.147
Dec 19, 2021 00:22:12.222275019 CET  49747        45532      192.168.2.3  139.180.184.147
Dec 19, 2021 00:22:18.238455057 CET  49747        45532      192.168.2.3  139.180.184.147

ICMP Packets

Timestamp                            Source IP        Dest IP      Checksum  Code          Type
Dec 19, 2021 00:22:09.559854984 CET  139.180.184.147  192.168.2.3  4         10 (Unknown)  Destination Unreachable
Dec 19, 2021 00:22:12.568161011 CET  139.180.184.147  192.168.2.3  4         10 (Unknown)  Destination Unreachable
Dec 19, 2021 00:22:18.584471941 CET  139.180.184.147  192.168.2.3  4         10 (Unknown)  Destination Unreachable

Note: the three TCP packets leave one source port (49747) at +0 s, +3 s and +9 s, the retransmission timing of a SYN that never receives a SYN-ACK, and each is answered about 350 ms later by an ICMP Destination Unreachable from 139.180.184.147 itself with code 10 (communication with destination host administratively prohibited, which the sandbox's table leaves as "Unknown" but the Snort alert names). No connection to 139.180.184.147:45532 was therefore established and no application-layer traffic was captured; the endpoint, the non-standard port and the HttpSendRequestA import are the network indicators this run yields.

          Code Manipulations

          System Behavior

          General

          Start time:00:22:05
          Start date:19/12/2021
          Path:C:\Users\user\Desktop\kCcJdlYm9t.exe
          Wow64 process (32bit):false
          Commandline:"C:\Users\user\Desktop\kCcJdlYm9t.exe"
          Imagebase:0x7ff763e60000
          File size:6242816 bytes
          MD5 hash:5559E9F5E1645F8554EA020A29A5A3EE
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:low

          General

          Start time:00:22:06
          Start date:19/12/2021
          Path:C:\Windows\System32\conhost.exe
          Wow64 process (32bit):false
          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Imagebase:0x7ff7f20f0000
          File size:625664 bytes
          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Reputation:high

          Disassembly

          Code Analysis
